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Abstract .- «,, 

A denotational semantics of CLU, an ol tawpage supporting data 

abstractions, is presented. The definition is based on approach to 

the theory of computation. Moduli the basic unit of compilation, art represented in terms 
of a set of recursively defined domains called the abstract syntax. As $ ing the 

legality of a module, a transformation is -made from the abstract syntax te>a modified 
syntax; the transformation reflects the results of compile-time computations that need not 
be repeated at run-time. An execution environment is defined to be a set of objects, each 
with a particular state, together with a mapping from variable names to objects. The 
meaning of an expression or statement is a function that takes an environment and 
produces a result consisting of a termination condition, a list of zero or more objects, and a 
new environment; the termination condition is used to govern control flow. This uniform 
treatment of ejcpresfton* and statemenu allows a simpia definition of the runtime 
exception handling mechanism provided in CLU. The meaning of a procedure generator 
or iterator generator is a function that takes a list of actual parameters, a list of arguments, 
and an environment, and produces a result as for statement and expression evaluation. 
The meaning of parameters is given in terms of textual substitution. A non-parameterized 
routine is viewed as being a generator with an empty parameter list. The meaning of a 
cluster is a function that takes a list of actual cluster parameters and an operation name, 
and produces the meaning of that operation. 
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1. Introduction 

With the design of the programming language CLU [Liskov77a, Liskov77b, Liskov78] 
essentially complete, it is important to have a precise semantic definition of the language. 
Such a definition can be useful to: 

1) the designers, in verifying that CLU is well-defined, 

2) implementors, in proving the correctness of system implementations, 

3) programmers, in writing programs and proving them correct, and 

4) other language designers, in gaining a precise understanding of CLU. 

There are four basic styles of semantic definition. Grammar-oriented methods, such as 
attribute grammars [Knuth68], W-grammars [vanWijngaarden76], and production systems 
[Ledgard77], consist of a set of rules for generating legal programs together with a set of 
rules for defining the meaning of a program; the meaning is defined either by generating 
all possible execution sequences or by translating the program into a predefined 
programming or assertion language. Operational schemes, such as the Vienna Definition 
Language [Wegner72] and SEMANOL [Blum73], specify meaning by defining a 
metaprogram, executable on an abstract machine, to serve as an interpreter; the meaning of 
a program for particular inputs is given by a trace of the computation performed by the 
interpreter. Denotational methods, such as the Oxford definition method [Scott7la, 
Milne76, Stoy77], define the meaning of a program as a mathematical function from initial 
to final states, with intermediate state changes ignored. Axiomatic techniques, such as that 
proposed by Hoare [Hoare693, specify meaning with axiom schemas and rules of inference; 
the meaning of a program is a mathematical relation between predicates true of all states 
before and after execution. 

Unfortunately, no single style of definition is well-suited to the needs of all four classes 
of people listed above [Hoare743. Grammar-oriented and operational definitions are the 
most appropriate for implementors, whereas designers often need a denotational semantics, 
with "irrelevant" implementation details abstracted away. On the other hand, an axiomatic 
definition is the most useful for programmers. Thus several definitions may be needed. 
However, there should be one "standard" definition, against which all others must 



ultimately (if indirectly) be compared. 

This thesis presents a denotational semantics of CLU, based on the lattice-theoretic 

approach to the theory of computation as initiated by Scott [ScottTO, Scott71b, Scott723. We 

have chosen a denotational semantics for the following reasons: 

1) Compile-time type-checking, a very important aspect of CLU, does not fit within an 
axiomatic framework but is easily described with denotational techniques. Hence a 
denotational semantics can be used to verify a compiler's implementation of 
type-checking. 

2> Current axiomatic methods do not handle the object-oriented semantics of CLU. 
Specifically, the treatment of side-effecu on objecU is not well developed. We believe a 
denotational semantics will be a useful tool in extending axiomatic technique* to 
encompass object-oriented semantics. In particular, proving axiomatic and denotational 
definitions equivalent is generally much simpler than proving axiomatic and operational 
definitions equivalent. 

3) Although a denotational semantics is not particularly suited to the task of verifying a 
code generator or a run-time system, a denotational semantics is generally simpler and 
more concise than an operational semantics, and thus is a better candidate for the 
standard definition. 

4) A new formalism, based on a new model of computation, has been developed by 
Schaffert [Schaffert78bJ and used to define CLU CSchaffertTte). Designed explicitly 
for object-oriented languages supporting data abstractions, Schaffert's method combines 
various elements of operational, denotational, and axiomatic techniques. We wish to 
present an alternative definition of CLU using an established method, so that the 
usefulness of Schaffert's work can be evaluated for a non-trivial language. 

We do not provide an informal description of the syntax and semantics of CLU. 
Rather, we assume the reader is familiar with CLiskov783. We do describe the most basic 
elements of lattice theory necessary to understand the definition, but we assume familiarity 
with the X -calculus [ChurchSU. We do not deal with the question of whether the 
definition is well-founded; readers interested in the details of fixed points and reflexive 



domain constructions are referred to [Scott7lb, Scott763 for prbef . 

Chapter 2 provides an overview of the definition, describing the most important and 
novel aspects. Chapter 3 presents the theory and notationused throughout the remainder 
of the thesis. An abstract syntax for CLU is given in Chapter 4, lis well as a modified 
syntax used for defining meaning. Chapter 5 defines legal programs and the 
transformation from the abstract to the modified syntax, and Chapter 6 defines the 
meaning of legal programs. Indexes to the numerous domains and functions defined in 
these chapters are provided at the end of the thesis, and should prove useful aids to the 
reader. Chapter 7 concludes with some general comments about itfoe iiefmitidn and gives a 
comparison of our definition to the one done by $enafT«rt. 
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2. Overview 

The basic unit of compilation in CLU is'* 'moduli, an implementation of an 
abstraction. Our definition consists of two major parts. The first part, defining what 
constitutes a legal module, captures the notion of compilation, while the second part, 
defining the meaning of legal modules, captures the notion of execution (or evaluation). 
This chapter gives an overview of these two parts. 

2.1 Legality 

For a module to be legal, it must satisfy certain syntactic and semantic constraints. 
Checking the context-free syntactic constraints is part of parsing, and will not be dealt 
with. Instead we define an abstract syntax, in terms of a set of recursively defined domains, 
to represent all possible parse trees. The abstract syntax retains the basic syntactic structure 
of the program text but various details, such as formatting and the presence of comments, 
are not represented. The precise relationship between the abstract syntax and actual text is 
defined in an appendix. We group the checking of context-sensitive syntactic constraints 
along with type-checking under the term legality-checking. 

2.1.1 Syntactic Transformations 

Among other things, legality-checking involves the evaluation of constants, the 
substitution of actual values for equated identifiers, the expansion of abbreviated forms of 
invocation, and the resolution of external references. These same computations are 
necessary to define the meaning of a module. If we are to separate the legality of a module 
from its meaning, we must retain the relevant information from the cheeking phase and not 
recompute it when defining the meaning. This implies that, as part of legality-checking, 
we must transform the original parse tree into a new (and simpler) form. 

Some of the declarative information in a module is not needed when defining the 
meaning of the module. For example, much of the module heading exists solely for the 
purpose, of type-checking. Further, the declarative information that is necessary for 
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defining the meaning is usually scattered throughout the module, tad roast be collected and 
put in a more useful form. For example, Y§riaJ*to dtc||ff|j^i djejK* ., cause §n| imnipdiaite 
action during evaluation, but variables local to a given scaring unit must t»e_ removed when 
that unit is exited. Thus at some point it is necessary to collect |H of the variables declared 
in each scoping unit. 

Since all of the declarative inforrr»tiofr is |S^ wf 

prefer to include all of the processing as pajt of legality-checking. Hence 
"legality-checking" involves not only checking the legality of a module, but also removing 
^formation lrrel«?yan,t .jo. e^jua,^ a*$ p|i$fl| ^fp^rr^t^ qec^s^y |p evaJuat»of> in its 
most usable fp/rp, Howe.vej:, PM #J flf,ty--.!l^WMltoMMi9M. ^ Q*$WW M* 
maopmgs into a subset of tfcj jibs)^ U^h T^^W-MM^^*® ^Mti ?®^' 
Called the tran£oryed {|#f*./«r 1*&!B&^Ml^M&%t 99fb.oJ& :W& $W* 
Of tlje abstract s vr^x. we define a, £un#fo/) lWp^h^0M ^PW# Jfc?.4WW& *f?£ 
constructs a^e^Jp^ .. . y . ... ■ : , 

2.1.2 Compilation Environments " 

The legality of a program fragment generally depends on the specific context in wh>cji 

the fragment appears- Therefore, legalty^l^UTf '"'& »ii»pji ^^ if^ rfffJfct ^p | 
particular wmpWlff* WWMmiU, or £$• f *$#.$; £fj|4 ^TflgPfM JafpW* f rom 
; ^en.ti/Krs I Ap.,ai?s^tc^M aod ^pn^ts,.^ $ Wl^njf^ &m^.-9lfefflfr *r» 
mapping is ca#d £»?e ££ #» CM$9tf$. ^ *§ «P $& J8P £1 f# %,:W^ 
environment. Jo addition, % £g conjtaAns tbj; ^J#i£e$ decj»ra£c$s $ ; Jf$aJ| $$)$$&• 
interface jiiMpr^aticjo derived ffom the^mojJufc Jlgpjk^ ftjCjIgg ind^catjng jlf ,Mw? <*P* V #-# 
loop statement if . t^jng chejek^d Ctp define ^ Jegj^r { ($ JffVifeJWL c©n#iJM« 

statements), and j^nytytyp afeoi*t ,aj *m*m *IW^*WmN^-'.& -titr*** 

statement. 

T he C E ajsp .contains pax t of the CLU Ukt^ ## iW^PI 0. S$:ffl#F ll ft !t iffl JJSSW 1 
abstractions. For each abstraction there is jt dt^ipticn 0£.. ($y) containing , all 
system-maintained information about that abstraction. For our purposes there are only two 
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pieces of information a DU contains: an interface specification representing all information 
needed to type-check uses of the abstraction, and a list of implementations. Since this 
information can expand over time (DUs are initially empty) and we have only static 
mathematical objects to work with, a DU is represented simply by a unique id. The library 
is then represented by a pair of mappings, one from DUs to interface specifications, and 
one from DUs to implementations. The CE contains only the first mapping. 

2.1.3 Interface Specifications 

In general, before a module can be compiled, the library must contain an interface 
specification for every abstraction the module uses. For our definition to be complete then, 
we need to define what legal interface specifications are and how interfaces are entered into 
the library. Although a specific textual form for interfaces is not given in CLiskov78], the 
interface for an abstraction can be derived from any legal module implementing that 
abstraction. Therefore, rather than introducing a textual form for interfaces, we will view 
a request to compile a module as if it were a request to first derive the interface and (if 
necessary) enter the interface into the library, and then actually compile the module. 

Thus we allow a module to be compiled even though the library does not contain the 
interface of the particular abstraction being implemented; the interface is installed as a 
side-effect of compilation. More generally, a group of modules can be compiled 
simultaneously even though interfaces do not exist for any of the corresponding 
abstractions. 

With this view of compilation, legality-checking takes on the following form. First, 
interfaces are derived from the headings of the modules to be compiled. These interfaces 
must be identical (up to renaming of formal parameters) to the interfaces already in the 
library, if any. The derived interfaces are Chen installed temporarily in the library and the 
modules are checked in their entirety. The derived interfaces remain in the library if all of 
the modules are legal; otherwise they are removed. 
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Although it is fairly easy to derive and check the interface of almost any reasonable 
module, it is possible to construct nonsensical yet legal modules for which the process is not 
so easy. Unfortunately, it is extremely difficult to devise simple rules that make nonsensical 
modules illegal without also making some sensible modules illegal, and no such rules exist 
in CLU. Hence we must deal with a few problems. ' 

In particular, certain kinds of cyclic and self references complicate the way interfaces 

must be derived. For example, to derive the interface of F in 

P = proc returns (Atfalse]); ... end P; 
F = proc returns (ACF » PI); ... end F; 

one must evaluate the expression "F - P". This expression is an abbreviation for the 

invocation "T$equal(F, P) n , where T is the type of F. If we take the stand that illegal 

expressions should never be evaluated, then to type-check "F - B" we must know the exact 

type of F. However, the type of F depends on the value of the very expression we are 

attempting to evaluate. 

Although this is a bizarre example and would never occur in a real program, it is in 
fact legal. We can reason as follows. P and F are distinct procedures, and distinct 
procedures are never considered equal. Therefore the invocation evaluates to false if it is 
legal. But then P and F are of the same type so the invocation is actually legal. (The 
invocation would be illegal if P were written with "ACtruel".) 

As a slightly more reasonable example, consider a two-person game where players 
operate by different rules. One might try to represent alternating moves in the game as 
follows: 

offense - cluster Ct: type] is best_replies, ... where t has ... ; 

best_replies = iter (x: cvt) yields (defense^]); ... end best_replies; 
end offense; 

defense = cluster [u: type] is best_replies, ... where u has ... ; 

best_replies = iter (x: cvt) yields (offenseCuD); ... end best_replies; 
end defense; 

The interface of defense is needed to check the interface of offense (specifically to check 
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"defenseCtl"), and vice versa (to cheek "offenseEuJ"). Initially we can assume that 
"defensett]" and "offenseCul" are legal type specifications; then after the derived interfaces 
are installed we can actually check the legality of these constructs. 

As these examples suggest, we can derive an interface and check its legality, but two 
passes are required to guarantee that no errors are missed. In the first pass certain 
constructs are simply assumed to be legal, and must be evaluated with incomplete type 
information. Then these constructs are rechecked when checking the entire module, this 
time with complete information, to ensure there are no inconsistencies. 

In more detail, we begin legality-checkifig by installing one of two special interfaces for 
each abstraction bemg implemented. The special interface type is used when the 
implementing module is a cluster; every use of the abstraction £ considered a legal type 
specification, regardless of the number and types of actual parameter* supplied. In 
addition, every operation name qualified by such a type specification is considered legal. 
The Special interface routine is used when the implementing module is a procedure or 
iterator; every use of the abstraction is considered a legal routine name, regardless of the 
number and types of actual parameters supplied. 

We also define a special type, routine, to be used as the syntactic type of every routine 
name (and every operation name) that is assumed legal (This does not mean that "routine" 
is a reserved word; a use of "routine" in a program will not refer to this special type.) The 
type routine is a "wild card" in that it is considered equal to (and hence includes and is 
included in) all procedure and iterator types. Routine is defined to have the same 
operations that procedure and iterator types have. Returning to the invocation "F - P" in 
the first example above, both F and P would be assumed to be legal names of syntactic type 
routine, so the invocation would expand to "routineSequeKF, P>" and then evaluate to 
^alse. 

The special interfaces and the type routine are used only when deriving interfaces. 
The type routine is used only when an abstraction has a special interface, and the special 
interfaces disappear when the derived interfaces are installed. 
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2.2 Meaning 

Our definition 6f the meaning of * legal pfo^rim tari WstiffiMtiM : 'as fbflbwsi The 
CLU universe is defined to be the set of all potentially existing otyecfj. A particular set of 
objects, each object having a particular individual state, is termed a universal state. An 
execution environment is defined to be a universal slate together with a set of variable 
bindings represented as a mapping from identifiers to objects. The meaning of an 
expression or statement is a function that takes an environment and produces a result, 
consisting of a termination condition, a list of zero or more objects, and a new environment. 
The meaning or a procedtK-egentrator^r itet*«ef^ir«ffitM 

actual parameters, a list of arguments, and an environment, >and produce a resuh. The 
meaning of parameters fe give* in terms of "textual" sutntitutton; A non-parametemed 
routine is viewed as being a generator with an tMri|ty'<jMfiii<Mfir 'lib: TM irielfntnf of a 
chaster is a function that takes a list of actual cluster parameters and iff operation name, 
and produces the me»mng of that operation. 

We now discuss these points in more detail. 

2.2.1 Objects 

Every object has an identity, distinct from the identity of all other objects, and a set of 
properties. Objects with only time-invariant properties are called constant; the properties 
associated with a constant object comprise that object's value. Objects with time-varying 
properties are called mutable; the current "values" of the properties of a mutable object are 
collectively termed the state of that object. 

One time-invariant property associated with every object it membership in a type. 
Were it not for the necessity of defining the parameterized procedure force, which 
requires testing the type of an object, there would be no need to include any type 
information in our representation of objects. However, since this information must be kept 
for at least some objects, we choose to keep it for all objects. One component of every 
object is thus a type descriptor, a canonical name for the type of which the object is a 
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member. 

The presence of a type descriptor in every object simplifies the task of making objects 

distinguishable. In particular, since every constant object has a unique value* the value can 

serve to represent the object without introducing explicit identities. For .example, the 

constant objects obtained from the invocations 

oneofta, b: intilmake jrt3> 
oneofta, c: int]$make_a(3) 

can (only) be distinguished by their types: 

(tag: "a", val: (val: 3, type: int>, type: onaofta: int, b: Inti) 

(tag: "a", val: (val; 3, type, int), type^ onaofCa: int, c lnt3) 
However, it is not sufficient to represent a mutable object by its state, as different mutable 
objects can have identical state. Rather, the identity of a mutable object is explicitly 
represented by a unique id. 

Although we would like to represent a mutable object directly by its identity and state, 
this cannot be done. The problem is that we want to be abfe to change the state of an 
object without having to alter the representation of any other object. , To illustrate, suppose 
we have two arrays, represented (approximately) as 

(id: A, low: 1, elts: O, type: arraytirrt]) 

(id: B, low: 1, elts: ( (id: A, low: U cits: .0, type., arrayUnt)) >, 

type: arrayCarrayfJnt}]) 
The array B contains the array A as an element. Now. suppose we change the low bound 
of A: 

(id: A, low: 2, elts: 0, type: arrayCint]) 

(id: B, low: 1, elts: ( (id: A, low: 1, elts: 0, type: arrayUnti) ), 

type: arrayt arrayCint]]) 
Since we are dealing with static mathematical values there is no sharing, and the change to 
A is not reflected in the "copy" of A contained in B. 

Our solution to this problem is to represent a mutable object with just a unique id and 
a type descriptor. The above example would then look something like 
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(id: A, type: arr«y[intl) 

(id: B, type: arrayCarrayClnt]]) 

The association between mutable objects and the rest of their state is given by a mapping 

(or mappings) as part of the universal state. For example, 

staid. A) - (low: 2, efts: (» 

stateCR) « (low: 1, efts: ( (id: A, type arreyCmti) » ? 

In fact, by considering constant objects as always in existence, the universal state can be 

represented simply as a list of mutable objects (i.e., unique id-type descriptor pairs) together 

with one or more state mappings. 

In dealing with parameters, it wiH be convenient to treat actual parameters uniformly as 
objects. The orrty actual parameters not horhully thought of as objects are types, but there 
is no difficulty in treating theft as such. A type object is represented by a pair of type 
descriptors, one for the type itself and one for the type of tli* object as a whole. For 
example, 

(val: arrayfint), type: type) 

2.2.2 Variable* 

We would like to model variables with a mapptiif from identifiers to objects, (In 
particular, we wish to avoid using the standard "store* semarttics tStrachey733, where 
variables name memory locations that contain pointers to locations containing objects.) 
Because of the representation we have chosen for objects, there are no difficulties with this 
model; having several variables denote the same object is essentially the same as having 
several objects contain the same object, 

Uninitialized variables are treated in the following manner. Initially all variables 
denote a unique "bad" object, which otherwise cannot be produced in a lejgal computation. 
Whenever a variable is referenced, the denoted object is checked to ensure that it is not the 
"bad" object. At the end of each scoping unit, ail variables declared local to that unit are 
agam made uninitialiied by n»pping them back to the ^Hl'objeet 
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2.2.3 Termination and Exoeption Handling 

A continuation is a function that defines the meaning of the "rest" of the program, 
starting from a particular point in the text. Continuations are normally used when 
non-sequential control flow is possible tWadsworthTSL For example, continuations can be 
defined at every labelled point in a program; the meaning of "go to L" is then defined as 
the application of the continuation for L to the current environment. However, since orily 
well-structured, forward transfers of control occur in CLU, we have chosen not to use 
continuations. Instead, we "tag" the outcome of every evaluation with a termination 
condition. ■■ ' '",-'■' . 

The basic idea is that one condition, normal, implies that control should proceed 
sequentially, while all other conditions imply a Jenifer, of control. The equations of the 
definition are written so that results with non-normal termination conditions propagate 
through all intermediate evaluations until (he »|prc^riate point of control is reached. For 
example, the result of a return statement propagates to the procedure or iterator boundary 
and then changes to a result with a normal termination condition. Similarly, the result of a 
signal statement propagates to the procedure or Iterator boundary arid then changes to look 
like the result of an exrt statement; the result then propagates to the appropriate handler in 
the caller. 

For this technique to work well, it is necessary that expressions and statements evaluate 
to elements of the same domain, so that results can propagate freely. The result of such an 
evaluation therefore is defined to be a triple consisting of a termination condition, a list of 
zero or more objects, and an environment. Normally, expression evaluation produces a 
result with just one object arid statement evaluation produces a result with no objects. 

Since expression evaluation cannot alter any variable bindings (but statement 
evaluation can), one might wish to make the result of expression evaluation include just a 
universal state instead of a complete environment. Although this Would obviate the fact 
that expression evaluation does not alter the variable bindings for subsequent evaluations, 
it would not obviate the fact that variable bindings for subexpression evaluations are not 
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affected. Since the proof* of these facts are trivial but having two result forms would 
complicate the definition, we prefer to use a single form of result. 

2.2.4 Iterators 

There are basically two ways to view an iterator. The first way is that an iterator 
actually yields values to a for statement. In order to define iterators in this way, an iterator 
must actually yield an extra value, namely a continuation, so that the iterator can be 
resumed. In the second view a cloture, consisting of the loop body and the variable 
bindings active for that body, is passed to the iterator. At each yield statement the loop 
body is evaluated with its active variable bindings to produce a new universal state and 
new variable bindings. The hew bindings replace the previous bindings in the closure, and 
the iterator contmues with- its own active variable bindings and the new universal state. 
When the iterator terminates it rettirrti the variable bindings produced by the last loop 
cycle, and the cafler continues with those bindings. 

We are not using continuations to define any other constructs of CLU, so it seems best 
to take the second view of iterators. Further, defining iterators in this fashion involves 
much less interaction with other clauses of ihe definition than would be the case with the 
first view, and works out much Simpler overall. 

The closure for a for statement is kept as a component of the environment. However, 
iterators can invoke other iterators, so the environment actually contains a stack of closures. 
The caller pushes on a closure before invoking the iterator. At each yield statement the 
iterator pops off the top closure, evaluates the. loop. body, and then pushes a new closure 
back on the stack. When the iterator terminates, the caller pops of f the top closure. 

Since the iterator controls evaluation of the loop body* the for statement automatically 
terminates when the iterator terminates. On the other hand, if the loop body executes a 
return or signal statement or terminates in an exceptional condition, this information must 
be propagated through the iterator and back to the caller. The information must be 
treated specially; for example, the result of a return statement executed in the loop body 
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should not be changed at the iterator boundary to look like a normal result, as would 
happen for a return statement executed in the iterator. Thus, special termination 
conditions are used in these cases. 

2.2.5 Modules 

Rather than distinguishing between parameterized and non-parameterized modules, we 
prefer to view every module as having a parameter list, though the list can be empty. The 
meaning of a procedure is then a function that takes a list of actual parameter objects 
(treating types as objects as previously discussed), a list of argument objects, and an 
execution environment, and produces a result <a terminatton condition, a list of objects, and 
a new environment). The meaning of parameters hv grven by a rewriting rule: the actual 
parameters are substituted for the formal parameters in the parse tree before the procedure 
body is evaluated. Hence there is no need for parameter bindings in the execution 
environment. 

Because of the way we have defined iterators, they have the same functionality as 
procedures. The iterator and its alter modify the environment rather than explicitly 
passing extra values back and forth. 

The meaning of a cluster is a function that takes a list of actual cluster parameters arid 
an operation name, and produces the meaning of that operation. The actual parameters 
are substituted for the formal cluster parameters before the meaning of the operation is 
derived; the meaning of the operation is then defined as for any other procedure or 
iterator. The function produces the meanings of all routines in the cluster, including 
"hidden" operations; legality-checking ensures that only the cluster can directly name the 
hidden operations. 
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3. Thmavy and Notation 

This chapter describes the most basic elements of the kmce*-tb«or«ic approach to the 
theory of computation, and introduces the notation used In the remainder of the thesis. 
Our goal here is to say just enough about the underlying theory for the language 
definition to make sense; many aspects will be ; jlossed^er w^ for and 

detailed discussion of the lattice-theoretic approach can be found in [Sco«72]. 

3il Domains 

A domain is a non-empty set of elements, < A domain niust also feawe a part iai ordering 
defined on Us elements, but therOrdeting wiM not oanomi us ttereJ EMerf domain D has a 
distinguished element, £ & cajfed bottom. Bottom is used to represent the value of 
meaningless, illegal, nonlenmna ting, or ot her wise undefined computations. 
Legality-checfcing never involves such a computation, and legality-checking guarantees that 
bottom is produced only by nonterminating computations during program execution. 

Domains ate constructed in the foMowirtg ways: 

1) Given a countable set of elements, a primttivt domain is fownedVby adjoining to the set 
a distinguished element to serve as bottom. 

2) Given domains D x , D 2 D n , the product domain 

a -:'■■■■■■:■■■"■■ •■....-■■>' 

x D 1 - D, x D 2 x ... x D n 
. -i»i ;■•■■ -:v„ • - . .; ■■■■ "■ ■ ■""■ :'"■•■ 

is defined to be the set of all n-tuples of the form 

<dy d 2 ; .,.; d n > 

where each d^ is an element of D v A product domain is essentially a form of constant 

record. The element 

is distinguished as bottom for the product domain. When all of the D^ are the same 

n 
domain D, we write x D, as D n , the set of all lists of length n of elements of D. We 

w 
treat D and D 1 as the same domain. We define D° to be the set {!„, <>> for ail 

domains D. The 0-tuple <> is written as "nil". 
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3) Given domains D J( D t ..., D^ the sum domain 

n 

+ D, - D, ♦ D, + ... + D_ 
is defined to be the set of all pairs of the form 

^ijd^ 
where d i is a proper element (i.e., not bottom) of D r In addition, the sum domain 
contains a distinguished element as bottom. A sum domain is similar to a oneof type. 

4) Given a domain D, the domain D* of all lists of elements of D is defined by 

D* -?D" -D r +D 1 + ...+ D"*„. 

Similarly, the domain D* of all non-empty lists is defined by 

' CO , • i 

D + - ♦ D" - D 1 ♦ D* ♦ ... ♦ D" ♦ ... 
- . »■! 

5) Given domains D 1 and D 2 , the function domain 

is defined to be the set of all continuous functions from D t to D r We witt not define 
continuity here (see CScott72]), but simply note that all of the functions used in this 
thesis are continuous. The function 

xd r i D2 
is distinguished as bottom for the function domain. 

We define V to have precedence over V and V, and V to have precedence over '"♦'. 
For example, we write 

Expression x CE -» Expr x CE 
instead of 

[Expression x CE] -» [Expr x CE] 

3.2 Notation 

In general each domain is given a name, consisting of letters and underscores. As an 

00 00 

exception, the domains + D n and ♦ D n are named O* and D + , respectively, for any 
domain D. Domain names are written with at least the first letter capitalized. 
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An arbitrary element of a domain is written as the domain name alt in tower case, with 
a digit added if necessary to distinguish it from other names, Thus* 
d.dl, d2 are names for arbitrary elements of D 

d*, dl*. d2* ate names for arbitrary elements of D* 
d + , dl + , d2 + are names f or arbitrary elements of D* 

Names for specific firftctfom appeat m itaTfes. 

For any name D, the boldface name stands for a two-etement domain whose (only) 
proper element is written as the boldface name dV For example, the domain Trt» consists 
of two elements, l True and trim. In addition, a boldface operator (♦, - f etc) or punctuation 
symbol (<, C, etc.) names, according to context, either a two-element domain or the proper 
element of that domain. 

n 

A typical element of a product domain x © f is usu»% written as 

^^d^ ...;*„> 
However, when alt of the components come from syntactic domains, boldface elements and 
spaces serve to separate the various components, and elements are written as 

ECdj d 2 ... d rt J 
For example, a typical element of the domain 

Begin x Body x End 
is written as 

C begin body end! 
The syntactic domains are those used in the abstract syntax, the transformed syntax, end 
interface specifications. They are defined in the next chapter. 

We will often want to extract specific components from elements of product domains. 
Therefore, each component is given a name. Occasionally we will Hit these names explicitly 
in the domain definition, as in 

vats: Idri* x body: Unit x env: Env 
When names are not explicitly given, they are taken to be the component domain names in 
lower case, except that * and + are changed to V, and a digit is added if necessary to 
distinguish components of the same domain. For example, the component names of 



Obj* x Obj* x Env 
are 

objsl objs2 env 

Given an expression representing an element of a domain, a component is selected by 
appending a period, followed by the component name. For example, 

d.objs2 
To "replace" a component named name of an element elt with a new value val, we use the 

notation 

elt [val • name] 
Note that this does not change elt, it merely stands for some other element: 

<d l ;....;d n >[val»d 1 ] - <djj ,..; d^; val;d 1+l ; ...; d n > 

We define 

let name - val in exp 
to be 

Oname. exp) val 
That is, substitute val t or every free occurrence of nam* m exp. Often only names for the 
components of val are needed, so we define both 

let <dj; ».;d n >- val in exp 
and 

let Ed j ... d n J « val in exp 
to be 

let dj-valdj in ... let d n - val.d„ in exp 
We build the naming of components into ^-expressions by defining 

*<dj d n ). exp 

to be 

M. {let <d x ; ...; d fl > - t in exp) 
and when applying a function to an element of a product domain we write ffoj, .... x„> 
instead of g<<Xj; ...; x n >). 
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The form 

£<*! x n > ■ exp 

means that g is defined to be 

X(x x x n ). exp 

When defining functions recursively, we use the form 

g<x x x n ) s ra Mf.Xj x n ) 

This means that one should compute g as the least fixed point of 

Xf. [X(Xj, .... x n ). hd, x x x n )] 

Least fixed points are defined in [Scott723. 

3.3 Functions 

Some of the functions defined below return boolean values. The domain Bool is 
defined to be the sum domain True + False. 



A domain D is said to be function-free if no element of D is, or contains, a function. 
For every function-free domain D we define the function 



Equal: 

as follows: 

dl = d2 
dl = d2 
dl = d2 



DxD-> Bool 



true 
false 

•^-Bool 



written dl - d2 

if dl and d2 are the same proper element 
if dl and d2 are distinct proper elements 
if dl or d2 is l n 



n 

For every sum domain D «= + A, 

1-1 



we define the functions 



A ^injection: 
A ^-projection: 
A^-inspection: 

as follows: 

a 1 in D 
1 A in D 
<i; a.j> to A.j 
< j: a .> to A, 

•V oA i 

<j; a d > is A i 



D 
D 



♦ D 
Bool 



written 
written 
written 



a i in D 
d to A 1 

dijA ( 



<i; a^ 






when a 1 is a proper element 



when i * j 



■;-:^m%P 
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lp/i A 1 



"dool 



These functions are roughly the tame as the oneof mofau valuta, and iL. operations in 
CLU. 

We leave off the explicit injection when an element is in boldface, since the injection is 
obvious. In addition, we write true and falae instead of (tnjp in Bool) and 
(false in Bool). 



For every domain D, we define the function 
Cond: Bool xDxD->D 

as follows: 

if true then dl else d2 ■ dl 
// false then dl else d2 > d2 
if l Bool *A*n dl else d2 ■ JL„ 

For every domain D* we define the functions 



written if bbol then dl else d2 



Head: 

Tail: 

Cons: 

Append: 

Concat: 

Empty: 

Same_size: 

Delist: 



D* -» D 

D* -♦ D* 
D x D* -♦ D* 
D* x D -* D* 
D* x D* -» D* 
D* -» Bool 
D*xD'-» Bool 
CD*]* -♦ D* 



get first element 

get all but first element 

add element at front 

add element at end 

concatenate 

test for empty list 

test for e*jual length 

remove one level of nesting 



The definitions of all but the last of these should be obvious. If we let X - D*, then Delist 
is defined as 

Delisttx*) m rj^if Emptfx*\ 

then niUnD* 

else Concat(Headix*Y, DellstiTa4Hx*Y)) 

Thus, for example (leaving out a number of injections), 

Delist(< «1; 2>; <S; 4»; «5; 6; i>; <8; 9» >) - < <1; 2>; <S; 4>; <5; 6; 7>; <8; 9> > 
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Occasionaly it will be useful to treat elements of a domain D* as if they represent 
unordered sets. For every funakw-free domain ©^ m define ttoe functions 



Element: 


D x D* -» Bool 


written 


dcd* 


Subset: 


D' x D' -» Bool 


written 


dl* c d2* 


as follows: 









d € d* e rec if Emptyld*) 
then false 
else d - Headid*) v d e Taili**) 

dl* c d2* ■ rj!£ if Emptfdl*) 
then true 
else Headm*) e d2* a TaMil*) c d2* 

Note that dl* c d2* simony checks that every element of dl* i$ an element of d2*; duplicate 
elements are allowed in both lists. 

n 

Often when dealing with lists of elements from a product domain D * x A, we will 
want to collect into a list the ith component of each element. For every domain D*. where 

n .?, - 

D - x A . , we define the functions 

1rl . ' .. 

A ^-collection: D* ■* A* written d*^ 

as follows: 

then nil in A * 

else Cont(H^uH4*)A v fatfid*^ 

Sometimes we will want to "change" the value produced by a function for some 
particular argument. For example, we will use a function from Identifiers to objects to 
represent variable bindings, and assignment to a variable will correspond to changing the 
object produced by the function for that variable. However, since we cannot change 
functions, we construct new ones instead. For every function domain F - A -» B, where A 
is a function-free domain, we define the function 

Rebind: F x A x B -♦ F written fCa «- bl 

as follows: 
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fta «- W ■ Xal. if al -a 
then b 
else Hal) 

■ i 

Occasionaly we will want to take an element of one sum domain and treat it as an 

element of some other sum domain. For example, we might want to treat an element of a 

domain D + as an element of D*. For any two sum domains 

D - C -I B J ♦ C + AJ ♦ C " C J T - [ ♦. E«J + 1 " AJ + I * FJ 
1-1 1 1-1 ' 1-1 1 i-i ' _ 1-i 1-1 

we define the function 

Coercion: D -> T written d tojn T 

as follows: 

d to_in T ■' if d is A l 



then d to Aj in T 



else if d is A 2 



then d to A 2 in T 



«/j* i/" d tj A„ 
else 1 



then d to A„ in T 



•t 
We leave off explicit coercions f ram D* to D* for every domain D. 

3.4 Further Notation 

We define 

res <term; ob j*; env> * t in e 
to be an abbreviation for 

if t.term is Normal 

then let <term; obj*; env> - t in e 
else t 

when t and e are (op produce) elements of the domain Result (defined in Chapter 6). It is 

this form that allows results with non-normal termination conditions to propagate through 

intermediate evaluations. Use of this form also has the desirable effect of allowing the 

result of a nonterminating computation (i.e., -Lr mu i^ to propagate through. 
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We abbreviate 

let a x - t x in l*t a x - t x 

let a t . .m t i in ** .» V 



■\U'. 



to 



/«r a j+1 -t j+ i in to ^f^i 

/<>r a n -t n in e » n - 1„ 

in 
e 



To decompose elements of a sum domain D •» ♦ A, we,d*!Wn* 

1*1 

case d 

f/cm a j o/A j IftdUAj 

then e . f*#n let a^ - <d to A^) in e j 

to be 

<?/<?>« a k o/A k etafUishJ 

then e k f**n ftri^MnAj) in e k 

*/« e • d#r"if " 



and 



cci^ d 

e/m ajO/Aj (f<4fcAj> 

ffon e, then M a^r^l*^ in «$ 

to be 
d«m a k o/A k elsetfj&tS Aj 

then e k tfoh til * fc - <d io A^ in e k 

end else 1 

There need not be an elem arm for every domain A v A"s (mtit expressions, the a^ can be 
idp ...; c^andtfcj ... cfi forms as well as simple identifiers. '."""' 
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Many of the functions we will define take an element of a sum domain as their first 
argument, and perform different computations based on the particular form of that 
argument. In defining, a function whose fim argument belongs, to a sum domain 



p- 


+ A, we usually abbreviate 




g(6, ...) '* case d 




«&W Bjflf Aj 




tM* e t 




eltm a„ of A„ 




'A*n e fl 



to 



jjtajJK.J « e, 
jCa^lO - e n 



<nrf 



Similarly, we will sometimes treat a product domain D - x A, as if it were a "unary sum 
domain" +D, and abbreviate 

gid, ...) ■ /« Caj ... a„3 - d 

in to gCa } ... a n 3(...) ■ e 
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4. Syntactic Domains 

This chapter defines all of the :ryWfactfc domains uied irf the thesis, domains whose 
elements either directly represent piece* of program tSkil dr tiwMf * nitiifal textual 
representation. First we present our abstract syntax for CLU, an4 theii the Wamformed 
syntax. The relationship between these two sets of domains tbettM be fairly obvious and 
will not be elaborated oft bere; the precise relationship M iifiied in the next chapter. 
Finally, we give the forms of interface specifications used in the library. 

To improve the readability of these domain definitions, w* introduce a BNF-lixe 

notation. All domain names appear in tower case, "x" symbols ate omitted when forming 

product domains, and Y symbols are used m place of "♦" symbols when forming sum 

domains. This allows us to write 

when_arm ::• when name* ( dec!* ) : body 

I when name* (*): body 

instead of 

When_arm: Whon x Name* x ( x Deel* x ) x i x Body 

+ When x Name* x ( x * x ) x * x Body 

This notation wilt be used only in this chapter. 

4.1 Abstract Syntax 

Two of the domains below merit special comment: Constant and Equate. These two 
domains contain extra alternatives that would not be found to a normal syntax. The extra 
alternatives represent the overlap that exists between the normal alternatives. In particular, 
the forms "idn" and "idnCconstant 4 !" occur as both expressions and typejtpecs, and an idn 
can additionally occur as a type_set. For example, in the equate x - y it is possible for y to 
name a type, a type_set, or an object of some built-in type. Deckling which domain such a 
form actually belongs in requires semantic Information; therefore the decision is made as 
part of legality-checking, not parsing. 



i-^epttofr' .. . &li&0fGi#ktl*«B&y-: 
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f ulLmodule ::- equate* module 



module ::- procedure 

I iterator 
I cluster 

procedure ::- idn = proc C decl* ] ( decl* ) return* ( typejtpec* ) 

signals ( cond_spec* ) where restriction* 

equate* 
statement* 
end idn 

iterator ::- idn ■ iter C decl* 1 ( decl* ) yields ( type_ipec* ) 

signals ( comUpec* ) where restriction* 

equate* 
statement* 
end idn 

cluster :.-- idn a cluster C decl* 3 is idn* where restriction* 

equate* 
routine* 
end idn 



decl ::- idn + : type_spec 

cond_spec ::- name ( type_spec* ) 

restriction ::- idn has oper_decl* 

I idn in typeset 

type_set ::- < idn I Mn has eper_jdecl* equate* > 

I idn 



oper_decl :.- operjiame* : type_spec 
oper_name ::* name C constant* ] 
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routine ::= procedure 

I iterator 

constant ::= expression 

I idn 

I idn [ constant" 1 " ] 

I type_spec 

body ::= equate* statement* 

equate ::= idn = constant 

I idn = idn 

I idn = type_set 

I rep = type_spec 

type_spec ::= null 

I boot 



I int 

I real 

I char 

I string 

I any 

I rep 

I cvt 

I type 

I array C type_spec ] 

I record C field_spec + ] 

I oneof C field_spec + ] 

I proctype ( type_spec* ) returns ( type_spec* ) signals ( cond_spec* ) 

I itertype ( type_spec* ) yields ( type_spec* ) signals ( cond_spec* ) 

I idn C constant" 1 " ] 

I idn 



field_spec ::= name + : type_spec 



S3 



statement ::- decl 

idn : type jpec s ■ expression 

decl* :■ invocation 

idn + :s invocation 

idn* :■ expression* 

invocation 

expression . name :■ expression 

expression C expression ] :■ expression 

if expression then body 

elseifjarm* 

end 
if expression then body 

elseif_arm* 

else body 

end 
while expression do body end 
return ( expression* ) 
yield ( expression* ) 
signal name ( expression* ) 
exit name ( expression* ) 
break 
continue 
begin body end 
tagcase expression 

tag_arm* 

end 
tagcase expression 

tagjarm* 

others : body 

end 
for decl* in invocation do body and 
for idn* in invocation do bMi? Mis- 
statement except when_arm' h «*id > 
statement except when_*rm* .' ! ° 
others_arm 
end 
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elseif_arm 

tag_arm 

when_arm 

others_arm 

expression 



invocation 



field 



::- elseif expression then body 

::- tag name 4, : body 

I tag name 4 ' ( tdn : type_*pec ) : body 

::- when name* ( ded* ) : body 

I whan name* ( * ) : body 

::- others : body 

I others ( idn : typejpec ) : body 

::- nil 

I bool 

I int 

I real 

I char 

I string 

i type_spec $ name C constant* 3 

I idn C constant* 3 

I idn 

I invocation 

I type_spec $ < f iett* > 

I type^spec $ I expression* ] 

I type_spec $ E expression s expression* 3 

I force C type_spec 3 

I up ( expression ) 

I down I expression ) 

I expression . name 

I expression I expression 3 

I ~ expression 

I - expression 

I expression bin.op expression 

I expression cand expression 

I expression cor expression 

::- expression ( expression* ) 

::- name* : expression 
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bool 

real 
char 
string 
bin_op 



::» true 

I false 

-.:- int e int 

::- char int 

::- char* 



Kft 
// 
/ 

* 

II 

+ 

& 
I 

< 
< = 

a 

> = 
> 

~<S 

~B 
~> = 
~> 



The domain Int is the primitive domain obtained from the mathematical integers. An 
element Cintl e int23 of Real represents the real number tatMQ 1 * 12 . The parser produces 
exact values for literals and, in the case of reals, normalizes the values according to some 
scheme. For simplicity, the domains Name and Idn are both considered isomorphic to the 
domain String, although the parser guarantees that the Ktuar elements used consist of 
lowercase letters, digits, and underscores (no leading digit). 



4.2 Transformed Syntax 

A domain name of the form "djcxx" should be read "xxx 



mod ::- du ■ modjform 



mod_form 


::- opJ"orm 




1 typejorm 


op_form 


::- routine E idn* 3 C idn* > unit end 


unit 


::- stmt* local idn* 



type_form ::- cluster E idn* 1 oper* end 

oper :> idn ■■* op_form 

d_type ::- any 

I type 

I dj-ecord 

I d_oneof 

I d_proe 

I d_iter 

I routine 

I d_mod 

I idn 

I bad 

durecord ;> record E djcomp* 1 

d_oneof ::- oneof E dLcomp* 1 

djcomp -.:- name ; djtype : ^ 

d_proc ::- proctype ( djtype* ) return* C djype* ) *lai*al* ( djcond* > 

d_iter ::- itertype ( djype* ) yield* ( d jype* ) situate C djcefid* ) 



37 



cLcond ::= name ( d_type* ) 

d_mod ::- du t obj* ] 



stmt 


::- none 




1 idn* := expr* 




1 idn* := invoke 




1 invoke 




1 if expr then unit 




elseif* 




else unit 




end 




1 while expr do unit end 




1 return ( expr* ) 




1 yield ( expr* ) 




1 signal name ( expr* ) 




1 exit name ( expr* ) 




1 break 




1 continue 




1 begin unit end 




1 tagcase expr 




tag* 




end 




1 for idn* in invoke do unit end 




1 stmt except catch* end 


elseif 


::- elseif expr then unit 


tag 


::= tag name* ( idn ) : unit 



tag name* : unit 
others : unit 



catch ::- when name* ( idn* ) : unit 

I when name* ( * ) : unit 

I others : unit 

I others ( idn ) : unit 
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expr 



:= obj 



idn 

invoke 

d Jype $ { comp* > 

djype $ [ expr : expr* ] 

up [ djype 3 ( expr ) 

down ( expr ) 

expr cand expr 

expr cor expr 



invoke : 


= 


expr ( expr* ) 


comp : 


= 


name : expr 


obj 


= 


val : d_type 


val 




nil 

bool 

int 

real 

char 

string 

array 

record 

oneof 

d_mod 

d_oper 

djype 

idn 

obj 

bad 


oneof : 


:= 


name : obj 


d_oper : 


;c 


djype $ name [ obj* ] 


tset : 


Irs 


idn has op_decl* 



39 

op_decl ::- name I obj* 1: djype 

The domains Bool, Int, Real, Char, and String are defined in the previous section. 
Array and Record are unique id domains, and are isomorphic to the natural numbers. The 
domain t>U is isomorphic to the domain Idn; a particular element of DU is written simply 
as du 1dn , without an explicit injection into DU. 

4.3 Interface Specifications 

The doma in DU_jpec, representing interface specif kations, is defined as follows: 



du_spec 


;:■ 


r_spec 




1 
1 
1 
1 


routine 
t jpec 
type 
none 


r_>pec 


::■ 


C d_parm* ] : djtype 


t_spec 


::- 


C d_parm* 3 rop_spec* 


op_spec 


::- 


name C d_parm* ] : djype 


d_parm 


::■ 


idn : constraint 


constraint 


1 


d_type 
op_decl* 



The domains Djype and Op.decl are defined in the previous section. 

The domain R.spec is used for procedural and control abstractions; the djtype in an 
r_spec names a procedure or iterator type. T^spec is used for data abstractions; the 
op.specs represent the primitive operations. Type and Routine are used only when 
deriving interface specifications, as described in Chapter 2. 
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Formal para meters are described by an idn and a constraint. The idn is needed 
because it can appear elsewhere in the interface specif ication, and such instances have to be 
replaced by an actual parameter to type-check instantiations of the abstraction, The 
constraint associated with a type parameter is a list of opjdecls representing the operations 
any actual parameter must have, the constraint for any other parameter is simply the 
declared type of that parameter. 

To simplify our definition, the cLparm list in an op_spec ; contains both the cluster 
parameters and the operation parameters, in that order; the constraint associated with a 
cluster type parameter in this list contains the union of the restrictions imposed by the 

cluster and the operation. 

Not all t_specs and r_specs represent legal interface specif ications; onry those produced 
by legality-checking are considered legal. Even the interface specifications of the built-in 
types and the array type generator can be produced this way. Howewer, interface 
specifications for the record, oneof, proctypa, and ftWiS** *$$* fewer**©*! cannot fre 
represented as elements of T_*pec because of the unusual form flt,lM» r P»«nieters. Thesf 
generators are handled specially, as described in section 5.3. 
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5. Legality 

To minimize the number of forward references, we define legality-checking from the 
bottom up. We begin by defining the domain Ci£ of compilation environments. Then, in 
order, we define the legality of type specif icationi, coQUanu, expressions, equates, 
statements, interface specifications, and modules. In general, for each domain Xxx of the 
abstract syntax, we define a function: 

C^xxx: Xxx x CE -» Xxx'xCE 
where Xxx' is the corresponding domain in the transformed syntax. 

5.1 Environments 

Compilation environments are defined as follows: 

CE: info: Info_map x specs: Specjnap x up: Djype x parms: Obj* x 

down: D Jype x locals: Idn* X used: Wrr* x results: Djype* x 
cvts? Bool* x sigs: Sig* x iter: Bool x duster. Bool x loop: Bool x 
handles: Handle* x err: Bool 

Info_map: Idn -» Info 

Info: Djype + Constraint ♦ Opjied* + DU + R_»pec + Routine + Obj ♦ 

Tset + None 

Spec_map: DU -* DILspec 

Sig: d_cond: D_cond x cvts: Bool* 

Handle: Name* + DJiand t Other* 

DJiand: names: Name* x djypeS: Djype* 
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The meanings of the various components of a CE are: 
info - a mapping that holds information about the current bindings of all idns. The 

initial mapping is provided by the user; iny idns &*& iff tneWHlal mapping 

can (but need rtofl be used as wtxtmff^tmam. Tb* meanings of the various 

alternatives k 'the domain Me are: 

d_type - thrdecWfed^ypeof a variable. ' 

constraint - the constraint associated with t parameter. A non-type parameter 
always has this form of info; a type pifamtter only has this form 
of info after interface spedttca«6nii 'HkWkWA.''' 

op.decl* - a list for accumulating the restrictions on a type parameter, used 
only when deriving interface specifications. A type parameter with 
this form of info is allowed to have any and aM •peraMom. 

du - the DU bound to an external reference. 

r_spec - the interface specification of a cluster routine. When a cluster 
routine is referred*©, with an 4da iatber ^§n a name qualified by 
the abstract type, the UK ©f the idn U checked with respect to this 
r_spec, not with reject to the li&ary. Although both forms of 
reference transform to the same value when legal, they are checked 
differently to allow unqualified references to hidden operations. 
, <Hidden operation* are not t^^^ l# the interface of the 
abstraction.) 

routine - used for cluster routines when derivmg interface specif ications. An 
tdn with this form of info » considered a legal routine name, 
regardless of the number and types of parameters supplied. 

obj - the evaluated constant bound *o an equated identifier or external 
reference. Note that types af? iftcluded here as objects. 

tset - the evaluated type jet bound to an equaled identifier or external 
reference. 



, ':r , ^^W*^^*^t : :'-. ■•.■■'-■ : V'. ■..■:■■-'*'? A ^M&^^^'^y^^/'^rsnft. f *, ■*- & ,%*s^ E >Pj'*£<i3«';:- 
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none - the info for all undefined idn* 
specs i* the part of (he library mapping DUs.io their interface specifications, 
up - the abstract type when checking a ck^, ojbewise the bad type, 
parms - the abstract type-hat the fofm "duCobj*J"; this component contains the list obj*. 
down - the representation type when checking a cluster, otherwise the bad type. 
locals - a list of all currently defined local Idns, At the end of each scoping unit, all idns 

local to that unit are made undefined ><M* t\&k409 ** t»t.t» «fH*e>>, and thus 

cannot be used subsequently as external references, 
used - a list of all idns seen so far in the s f ulljnodufe. fevery time an idn is 

encountered, the idn is added to this list. An idn cannot be defined locally if it 

has been used as an external reference or W it is already defined. In both of 

these cases ibut no others^ the iln will have info other than none and already 

wilt be in the list of used idns. 
results - the return or yield types of the routine being checked. If cvt was used as the 

type specification for a result, the representation type is used in this list. 
cvts - a list of flags indicating which positions in the results list were declared with 

cvt. 
sigs - for each exceptional condition listed in the signals clause of the routine being 

checked, this list contains an element describing the exception name, the types of 

results (with cvt replaced by the representation type), and flags indicating the 

positions declared with cvt The fist abo contains aW etement for the /ei/ure 

exception, 
iter - true when checking an iterator, 
cluster - true when checking a cluster, 
loop - true when checking the body of a loop statement, 
handles -a list descrifemg^R exception h^ statement, in 

order from innermost to outtermost handler. The meanings of the three kinds 

of handles are: 
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name* - a list of exception names, u*ed for W*#* arms that discard results. 
d_hand - a M of exception name* and * (possibly emptyVlist of variable types, 

used for all' other#ttei» arms.- 
others -used fo* both form* of ^MIMtff aj*^ For atty $iven except 

■statement,- th« handle* for the whe* arms appear in the handles Ust 

before the ©there handle, 
err - true if any errOrt%ftve been d«©aed. 

Only certain info_maps can be provided legally by the ysfr for use in the CE. The 
legal info_maps are those which can be generated fith the function ^WJfn^o-wa^ using 
legal info_maps and legaj specjnaps, but a^ttrajry equates, , a^a||ura0itt. A* a basis, any 
info_map mapping jdns solely to DUs, ($nd nsjtf) |s considered !p»V J-^*| ipec-" 131 ?* are 
discussed in Section 5.8. 



Netu-info^maplinfajmp, spee_i»ap, equaie** • 
let eel - <?ri^^f|jBfQ^n»a|i, jpjcjnapl ... 
ce2 - C_efuaf«(equate*, eel) 
in 
*/ ce2.err 

M*n infojmap 
ehe ce^info 

C^eqmfes is defined in section 5.5. 

Crfar< , _fc<info_map, specjnap) ■ 

<info_map; specjnap; bad in Djype; Ipa^ #f#f»)Qy^e; niWn Idn*; 

nil in idn ; lp tyn>*« ■ Bool*" sio*' fee^" -~*w*W» " ; sHwiK 
nilin Handle*; fal*e> 

The bottom* indicate comporvent* that wtll he filled in before being used. 
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5.2 Type Specifications 

The major functions defined in this section are: 

Cjtype_spec. Type_spet x CE -♦ t)jype x CE 
C_type_$pecs: Typej^jec* x CE -♦ Djtype* x CE 

Bad-type(ce) * <bad in D Jype; cettrue • err3> 

Has_kndiAjype*y « ■>.:&£ if £tnpry(djype*) w 

then false 
rts« //«K«djype*> fc Bad v //ai-fcaflraifld jype*» 

C_type_specs(type_spec*. ce) * rec 
to <d jype; cel>, - , Q^^ 

<d jype*; ce2> - C_Jyp<_sptcs{Tamtyp*jpK*), eel) 
in 
(/" £m/>fy<type_spec*) 

then <nil in D jype*; ce> 

e/j* <Conj(d jype, d jype*); ce2> 

C_type_sp€cKnu\i3(ce) * <Cdu n||>J EH (r Djtyj^,«e>, 
We abbreviate "EniMn <lbj*r to <WT. > 

C_ry/v_j/>«B:booU<ce) * i^d*^, CD in D jype; ce> 

C_type_spe&\ntHce) ■ <Cdu 1nt EH in^y^ ce* , 

C_/y/KLi^fcCteaHKce> ■ < &&b rt ^ KB in D jyj0«s ce> 

C_i)»/>f_j/>fcl[char3<ce) ■ <Cdu chtr EH in Djype; ce> 

C_r^_j/?«cfl[strino3<ce) ■ <Cdu gtHB9 EH in Djypr, ce> 

C_f)>/E>e_j/«'<:EanyKce> ■ <any in D Jype; ce> 



C-typtspecK.repHce) • ij ccdown is Bad 

then Badjtypdce) 
else .<cejdow££ ce> 

Rep cannot be used ,uak$t tt jtym befadJ^wM jf> §|ft eflWrte. 



C-type_spt<£ cvtl<ce) « £terf_£j|«(ce> 

C_ry /»<•_.! £«Ctype]|(ce> ■ Bad-typeice) 

Cvt and type can appear only as top-levd type specifications in module 
headings, so we wiU check specially for them <he« and Otherwise consider them 

illegal. 

C_ry/v_j/>< , cEarrayCtype_speeIll<ce) ■ . 

/<* <d_type; cel> - C_f #x_jr^«c(type_spec f ce) 

obj* - E(d3ype'fti Vefti f type <« DjcypeH to Obf 

/n ' 

if djype is Bad 
then Bad^typeicel) 
else <Eo , u, rr#y tobj*H in Djype; cel> 

C_ry/*_j/*cErecorcCfield_spec + Il<ce) ■ 

ta <d_comp*; cel> - C^iWrf_i^«(fieid_ipec + , ce) 
d_comp1* - Orrf<r<d_comp*4narae, d^oomp*^ 

in 
if Duplicates(dj:omp*iT\ittw) V Waj_i*<fldjeomp*±djype> 
then Bad_type(cel) 
else <CrecprdCd_compl*33fnbjype; cei> 

The order and grouping of selectors in the text doe* not nutt«r, Jm* the selectors 

must be distinct. 
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C_typ€_spedLoneoflfie\d_&pec*'}l(ce) * ■ 

let <d_comp*; cel> - C_/t*M_j/>*«<fiekLspec + , ©e) 
d_compl* - Or<frr(d_comp*iname, d_comp*) 

in 
if Duplicatesldjcomp* iname) v Has-bad(dj30mp*ldjypt) 
then Bad^typeicel) 
else <tConeof[d_compl*J3 in Djtype; cel> 

The order and grouping of tags in the text does not matter, but the tags must be 

distinct. 

Order: Name* x D* -» D* 

Order is defined for all domains D. The names are permuted to be in increasing 
lexicographic order, the D-list is permuted nr the : same way, and the permuted 
. D-list is returned. The two argument lists must be the same length. 

C-.fieldspecs(fieldjLpec*, ce) ■ rec 

let IE name*: type_spec3 - //«arf(field_spec*> 

<d_type; cel> - C_:y/*_j/>«(type. J spec, ce) 

d_compl* - Get_duc<mpiimti& , djype) 

<d_comp2*; ce2> - C_/iWrf_j/x«<rotf(field_specs*>, eel) 
in 
if Ettiptyi fiekLspec*) 

then <nil in D_comp*; ce> 

else <Append{djcomp\*, d_comp2*); ce2> 

Get„d_comps(name* , djype) m rec 

let d_comp - KHeadinzmt*)', d jypej 

d_comp* - G«r_rf_com/>j<ratf(name*), djype) 



in 



if £mpry(name ) 

then nil in D_comp* 

else Conj(d_comp, djomp*) 
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DuplicatesiA*) ■ rgf tf Empty***) 

then f«J»« 
</« =#**«**) t r*«d*> v ©a^aos*M(raf««*» 

Duplicates is defined for all fuhctiton^rrte domains D. 

C-typespt&proetypm *type,*pe«t*t **t*n* %f»Jp^l*l ll|i Wii 1tl l H i i^ pW^3<*»> ■ 
/rt <d jypel*; cel> - C-typesp*atofpe&pi&% li> ' " 

. <d4yt»e2*s ce2* * ^r|^»^^(^t»^i^^«^- r ^^. : --: 
<d_cond*; ce3> - C_<»ndL_j/w*<eondjspec*, ce2> 
in 
C_/>rM_fy/w(d_typel*, djype2*. djcond*, ce» 

6u.^*ryfMd..t¥pet*, doim***, di«md*, ceJ • \ 
let name* - d*copid*l«aj»e 

djcoftdi* - GrtfrHname*, djcond*) 
in 
if W(7j_fcarf<d_typel*> v //cj_6erf(djype2*) v touf^*si*$$p*) ,v 
("failure" in Name) € name* v M&J>^m%^j^ 
then Badjlypeice) 

else <Eproctyp* <daypei*) return* tdjypeS*? aionots <d_condl*)3 in Djype; 
ce> . ;,;,. . . , ; .;;. Xi ■"-....-,•,..- 

The order in which signals are listed in the text is unimportant. A given name 
can only be used once as a signal name, and "f alfcitf -tisln* -tfe specified 
explicitly. 

C_ry/*_5 jfwDtertype (type^ped*) yle4cl^ ". > ■ 

let <d jypel*; cel> - Cjtype^pecs(tyQejpKl*,;&& 
<d_type2*; ce2> - C_*fl^/W<typejp*3*, eel) 
<d_cond*; ce3> - C_«m^j^*(condjf«r, ce2V 

in '■ . _■ ., 

C_if«r_ry/*<d_typel*, d_type2*. djcond*, ceS) 
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C_lter_type(6jyptl*i #jyp&i djeond*. ce> ■ 
/*f name* - d_cond*iname 

d_condl* - Orderinzme*, d_cond*) 
in ■■*.■.■ ■ • 

if #aj_kzrf<djypel*) v tfajjw<«djtype^> V I>tt#i«WM<hame*) v 
("failure" <* Name), « name* v HasJ>#HDHiit(A_ctwd*l<ijyfXi» 
then Badjtypdce) 

else <Dtertype (djypel*) yields (djype2*> signal* (d_condl*)J In Djype; 
ce> 

The order in which signals are listed in the text is unimportant. A given name 

can only be used once as a signal name, and "failure" cannot be specified 

explicitly. 

C_co7K/_j/»fCi(cond_spec*, ce), ■ rec, 

let Cname(type_spec*)3 - W«arf(cond_spec*> 

<d_type*; cel> - C_ry/^5/MC^<type_spec*, ce) 

d.cond - CnameCdjype*)! 

<d_cond*; ce2> - C_»n«Lj/wi<ratf(condjipec*), eel) 

in 
if fnijMjKcondjpec*) 

then <n\Mn D_cond*; ce> 

else <Coni(d_cond, djcond*); ce2> 

C_ry/>f_j/)e<:CidnCconstant' f 33<ce> « 

let <obj; cel> - CLcontfanfflC idntconstanf* 3J In Constant, ce) 

in 
if ob j.djype is Type 

then <obj.val to Djype; cel> 
else Bad_typeicel) 

Since this construct can denote various things, including types, when used as a 

constant, we simply check the construct as an arbitrary constant and then" make 

sure the resulting object is a type. In this way the basic checking is centralized in 

one place. 
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C_type_spec\L\dnJ(ce) = let <obj; cel> = Cconstanttidn in Constant, ce) 

in 
if obj.d_type is Type 

then <obj.val to D_type; cel> 
else Bad-type(cel) 

Again, we check the construct as a constant and then make sure the resulting 
object is a type. 
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5.3 Constants 

The major functions defined in this section are: 

C_constantz Constant x CE -» Obj x CE 

C-constants: Constant* x CE -> Obj* x CE 

Get_op_type: D^oper x CE -» Djype 

Subst: Obj* x Idn* x D -♦ D 

Get_op_type is used to check if an operation name is legal, and returns the type of the 

operation. Subst is used to substitute actual parameters for formal parameters, and U 

defined for every domain D. 

Bad_ob/ce) * <C(bad in Val): (bad in D_type)3; ceUrue «err]> 

C_amjtan/j(constant*, ce) ■ rt£ let <obj; cel> - C^constanHHtadlconsunl*), ce) 

<obj*;ce2> - C_c«M<ant*(7"a</<con*tant*), eel) 

to 
if Ew^rjKconstant*) 
then <nil in Obj*; ce> 
else <Cons(obj, obj*); ce2> 

C_conjr<7JtflEexpression]l(ce) ■ 

let <expr; cel> - C_£x/>r»rfon(ex pression, ce) 

in 
if Const_expr{expr) 

then let <term; obj*; env> - E^exprtexpr, Primitive_envQ) 
in 
if term is Normal 

then <obj* to Obj; cel> 
else Bad_.obf.cel) 
else Bad_obf eel) 

For an expression to be legal as a constant, it must be a legal expression and a 

legal form of constant expression, and it must evaluate normally. Note that a 

legal expression only produces one object in the normal case, so "obj* to Obj" 

cannot fail. Primitive^env returns an execution environment in which (only) the 

built-in types and type generators, the type routine, and the procedure generator 
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force have implementations. Primltive-env, Term, and Btrtr are define* in 
Chapter 6. 

C_con Jtan/OItype.specIKce) ■ let <djfpe;cel> - 0_^^j^«%pe^peci ce> 

in 
<C(d jype i* Vail: <t^Tte « Biil^l} eel* 

C^constantKidnJ(ce) ■ 

let eel - ceCConj<idn, ce.used) • used] 

in 
case ce.info(idn) 

elem constraint of Constraint 
then case constraint 

elem- djtype rofBjcype 

then <E(idn in Val): djypel; cel> 
<?to <ff(idn to frjype *n Val): (typrffa §Jype>!ii cet> 
f/m opjdect*#Opjlecl* 

Men <£<idn in Djype fn Vat): (type, in D_type)l; cel> 
*/m du o/DU 

Men C_rfu_/xrrmj<du, nit tn Obf, eel) 
e/em CCd4>arm*Kdjypele/R_|p*c 
then let name - Afa**_na»w<idn) 
in 
C_op_^armj(CnameCd_parm*l:djype], ntUnOb/. cell 
f/f m routine of Routine 
then let name - Make^nameiidn) 
d_oper - Ece.uptnameCIS 
in 
<E(d_oper in Val): (routine in DjypeJJ; c*l> 
elem obj of Ob j 

Men <obj; cel> 
f/j< flflrf_o6/cel) 

To be a legal constant, an idn must either be a format parameter, or else name a 

non-parameterized abstraction, a cluster routine, or an evaluated constant. 
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Make„.name: Idn -» Name 

Make^name returns the name corresponding to the given Idn. (Idn and Name are 
isomorphic domains.) 

C_conir<7nrCidnCconstant + ]I<ce) ■ . 

let eel - ce[Conj(idn, ce.used) e used] 

<obj*; ce2> - C~confroa/x(constant + , eel) 
in 
case ce.info(idn) 
elem du of DU 

then C_(rfu_/wr»w(du, obj*, ce2) 
elem CCd_parm*3: djypelgf R^pec 
then let name - AfaJU_nam<(idn> « , ; 

in _,,, . .,. s .,1,. _,, ', • . 

C_op^m4lnm$djp*rm*lt cUtypeJ* ejhj*. ce2) 
*/*»» routine </ Routine 
then let name - Make^nameiidn) 

djjper * Cce.uplnameCobj*!! 

<Od_pper in Va.pi (routine <n 0jtype>3; cej> 
*/«m obj of Obj 

rAin C_conrtanrtCicthtcdrtstant + 33 In Expression in Constant, ce) 
the ' 5<rrf_(*/ce2) • 

The idn must name a parameterized atara&ion, a cluster routine, or an evaluated 

constant. If the idn names an object (evaluated conjtant), then this construct can 

be legal only if it is an abbreviaUon for an MvoaWon of a "fetch" operation. 

Rather than checking the invocation explicitly here, we simply check the construct 

as a constant expression. 
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Cdu^parmsidu, obj*. ce) ■ 
let d_mod - CtJuEobj* 33 

in 
case ce.specs(du) 

elem CCd_parm*3: djypej o/R_spec 
M*n 1/ C^parmidof, d.<pa*itr*; *e> 

r/i*n M djypel - fcfctftobf , -Wjjpiihlftltite djy^i) 
<n 
<E(d_rood in Val): djypelj; ce> 
else Bad^ob/ce) 
elem routine <>f Routine 

ffon <C(d_modin Val):(routiiw<n0j^^ir**» 
<?/*m CCd_parm*3:op_»p«c*3^ , TjS|i«c 
then if C-parmsiobf, d.parm*, ce) 

then mij^i*WJW4nVm4Vfc***®J%&% «> 
<•/** Badsbfce) 
elem type of Type 

M*n <C(d_mod in D_type in ¥a»K#p»« ©Jype)i; ee> 
<r/se Sflrf_o6/ce) 

If the DU is for a procedural or control abstraction and the parameters are legal 

(or assumed JegjO). a rmiM *bj«t. ^ r*^pe4 Jf.jjit ©Q ** f«" » data 
abstraction and the parameters are legal <©r t*st»m«dh#*£#. • *W« *bj«* is 
returned. Oth«rwise, the reference is iUflgal. 

C_o/>_/»ffrmiCnameCd_parro*l: djypeKobj*, ce) ■ 
let objl* - Cw^ce^rmsr obf*) 

in- -. . :' - - ' 

// C_/H7rwu(objl*, d_parm*, ce) 

then tit djypel - Sufotfobjl*, d_parm*itdn, djype) 
d_oper - Ece.up$nametobj*U 
in 
<C(d_oper in Val): djypell; ce> 
else Bad-ob/ce) 
The duster parameters are added in for type-checking but they are not included 
in the d.oper's actual parameter list. 
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C_parms(ob}*, d_parm*, ce) b. 

if obj*idjype = Parnutypesidjpdirm*) 

then let constraint* - SubsHobj*, d_parm*iidn, d_parm*iconstraint) 
in 
Cconstraintsiobf, constraint*, ce) 
else false 

The types of the actual parameters must match exactly the types of the formal 

parameters, and all restrictions on type parameters must be satisfied. 

PamL-.types(d_parm*) s rec_ if £m/rfy(d_j>arm*) 

then nil in Djype* 

else let djype* - ParrtL-typesiTaiHdjparm*)) 
in 
case //*arf(d_parm*).constraint 
elem djype of Djype 

then Considjype, djype*) 
else Conj(type in Djype, djype*) 

C_constraints(obf, constraint*, ce) e rec_ 
if Emply(obf) 

then true 
else if ^constraint s(TaiHobf), ratftconstraint*), ce) 
then case //earf(constraint*) 

elem op_decl* of Op.decl* 

then let Eva I: djypel - Headlobf) 
in 
C_op-decls(vi\ to Djype, op_ded*, ce) 
else true 
else false 

C-parms checks that the actual parameters are of the correct type, so if the 

constraint is an op_decl list then the corresponding actual parameter is guaranteed 

to be a type object. 
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C_o/»_rf< , c/5(d_type, op_decl*. ce) s rec_ 
if Empty(op_ded*) 
then true 
else let CnameCobj*]: djypeO = HeadiopjAed*) 

d_type2 = G<?t_0/>_f;y)be(I[djype$narne[obj*!O, ce) 

in 
I ncludesidjy pe2, djypel) A Cop-dedsidjype, TaiKopjied*), ce) 

We use Includes instead of strict equality because GetjopJ.ype can return the type 

routine (if interface specifications are being derived). 
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Gfr_o/>_ry/wlEd_type$name[ob j* J3^ce> ■ 
case d_type 
elem ErecordCcLcomp*]]! o/D_record 
tten kt^j^K^jhmd&+J!pmj&J&v* : - Bjsecord) 
objl* - Ma**_ofr/j(d_a>mp*Adjype) 
in 

C_op_typeiMime, Concartobjl*, ^f l^efsSpec*, ce) ... - 
«fcw ConeofCdjcomp*33 q/" Djoneof :u ; » ^ 
. then let op_sp»«f~ * Ontef^op^specsiijype to D.oneof ) 
©b#* - MaA*j<*/i(d_(|p|iy*Ad_type) 
in 

C.4ift£gg^4Mn& eeBcaftobjI^objlJb^jpec*, ce) 
elem d_proc of D_proc 

then C-Op-typeinzmc, obj*, Pr<Ktypi^^ipKMjpM&>, ce> 
elem djler of DJter ;o 1 [ 

rfon C_o/>_ry/!»€<name, obj*, Itertype^op^sptesidjttr), ce) 
f/rw routine of Routine + 

then C_op_type(n&me, obj*, RouUnt-Op_specs(), ce) 
*/<w CduCobjl*]]Jo/D_mod 
then case ce.specs<du) 

elem ECd_parm*I: opjspec*! of Tjspec 

then C-op-typeimmc, Concartobjl*, obj*>, ©p_jpec*, ce) 
e/je routine in Djype 
*/m idn q/" Idn 
rAm caw ceJhfoCidn) 

elem constraint of Constraint 

then Cjpa^fmijopitvmt, obj* , constraint to Op_decl*) 
else routine in Djtype ' 
else badin D_type 

Record^op^spees*. Pjrecdrd ** Opjspec* 

Oneof_op_specs: D_oneof -♦ Opjspec* 

Proctypc_op_specs: D_proc -♦ Opjspec* 

ltertype_op_specs: D_iter -♦ Op_spec* 

Although interface specifications for the record, oneof, proctype, and itertype 

type generators cannot be represented as elements of T_spec interface 

specifications for the operations of any particular instantiation can be represented 
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as elements of Qp.jSpec, as defined in Chapter 6. 

Routine jopsfxcs: -» Opjspec* 

Routint-fipspm returns the op_jpeci for the special type routtae, a J defined in 
Chapter 6. 

Mak€..objs(djype*) ■ r& if £«#*y<djype*) 

then nil In Obj* 
else tit djypt - «#«wRdjtype** 

obj » CMjyprte Valfc «yp« *n DjtypeU 
in 
Conrfobj, M*k0-ObjtiTeiU4jyp*'») 

C_o/>_ry/*<name, obj*. Qpjtpec*, ce> ■ H£ 

/rf Cnameitd_parm*3: djypel - HtatHapjtp*?) 

in 
if Etnptyiopjtpec*) 

then bad in Djtype 
*/j* // name - namel 

rA«n if C^parmsiobf, d_parm*. ce) 

M«n Sufartobj*. d*pajm*JMdn, djype) 
efr* b«d*nD_type 
else C-op-typeinime, obj*, Fotf<op_spec*), cei 

C_/>flrm_o/Kname. obj*, op.decl*) ■ r« let CnainelC©bjl*Jr<jyypeJ - tf«w«op_decl*> 

'« ... 
// £mp*jKop..decl*) 

rA«n badiaDjype 
else if name - namel a obj* » ob jl* 

then djype 
Wm C.fjr>iL»**najw& obj*, r^opjleel*)) 

Co7i5f_*x/»rj(expr*) * rec if Emptylexpr*) 

then true 
«/j« Const^expriHeaditxpt*)) a Con*r_«c/wj<r«wV(expr*» 



Const.exprK. objU ■ -'(obj.vaUj Idn) 

Parameters are allowed only as top-level constants; they cannot be used as 
arguments in invocations of constant expressions. 

Con st_exprK. id nJ ■ false 

Const_€xfti€djype$$£&mp*y] ■ Conrt_«i:£rIdjype$texpr: expr*]3 ■ false 

Const_exprJLupld_type'Hexpr)l * Const^exprl6ownXtxpr)J ■ false 

Con*L.**/>rl[eXprl cand expr2J . *.. CoruC«x^rCexprl cor expr23 s . a false 

Conjr_^xjbrIexpr(expr*)3 .'■ 
^ C©nJti.^sf/6t«(«xpr*) 

rA«n caw expr , , 

elem Eval: djypel of Obj 
then case val 

elem Cd_typel$nameCobj*33 q/"D_oper 
then CojuC/j^djypei) a ' 

Const^typesiReturnJypesitiJiype)) 
else false 
*/j* false 
else false 

/tott>7i_f)»/>«(d_type) ■ 
case djype 
elem Eproctype (djypel*) returns (d_type2*) signals (d_cond*)3 of D_proc 

then d_type2* 
end 

Const_types(dJype*) m rec_ if Emptytdjype*) 

then true 

else Const jtypeiHeadidjypf)) a 
ConsUyfusiTaiHdjyp?)) 

Const-typelanyl ■ Con jCry/wC type! ■ Con jCfj/wCbsdJ ■ false 

Conjr_fy/wCidn:D ■ Const^typefLd _recordJ ■ false 



Const-typdLdjsneot 1 ■ true 

Const_typcldjprocl • CensUypttdJterl • Cmst^p^rm^mi ■ troo 

Const-typ&djmodl ■ let CduCobfH - djnod 

in 

Sub st: Qbf x Wn* x D -» P ,,. 

Subst is used to substitute actual parameters for formal ©trimeters, and is defined 
for every docrwfr D. Stflrtofrf .Id^tftj^^ 

its third argument as follows. Let objbe an element of op J* and Jf f jdn be, the 
corresponding element of idn* (the two lists must be of Osjud length), The* Subst 
replaces all occurrences of 

idn in D jype in Val 
and 

idn in Val 
with 

obj.val 
We need to substitute for two different forms because formal type parameters 
appear differently than other formal parameters. However, no Idn win occur in 
both forms. 
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5.4 Expressions 

The major functions defined in this section are: 

^expression: Expression xCE-» Expr X CE 

Cexpresstons: Expression* X CE + Expr* x CE 

Convocation: Invocation x CE -* Expr x CE 

Type_of: Expr x CE -» Djype 

Typesjof. Expr* x CE -» Djype* 

Includes: Djype -X Djype -♦ Bool 

Include: Djype* x Djype* -* Bool 

Type-of and Types-of are used to obtain the syntactic types of expressions. Includes and 
Include define the type inclusion rule. 

Bad_expr(ce) s <Obad in Val): (bad in Djype)! in Expr; cettrue • err]> 

C^expressionsiexpresiion*, ce) s rec 

let <expr; cel> » C-expression(Head(txpreuion*), ce) 
<expr*; ce2> - C-expressions(TaiHexpruiim*), eel) 
tn 
if £>n /^(expression*) 
then <nil in Expr*; ce> 
else <Cons(expr, expr*); ce2> 

C-expressionVL niO(ce) ■■ let djype - IEdu nu11 CD in Djype 

in 
<U nil in Val): djypel in Expr; ce> 

C_expressionlboo\Hce) * let djype - Cdu boo1 EU fci Djype 

in 
<C(bool in Val): djypel in Expr; ce> 

C_expression\LiniHce) * if LJnrtint) 

then let djype - Edu 1nt []1 in Djype 
in 
<(int in Val): djypel In Expr; ce> 
' else Bad_exprt<xY 
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C_«c/>r«jfonEreaU<ce> * if L_reo/(real> 

then let djype - tdu r<t1 HI in Djype 
r«all - Apfr&Xra* 
in 
<<ream In Valfc 4 JJP^4» E*pr; ce> 
Wj* Bad_**#r<ce). , 

Cfx/wwionEcharKce) ■ </ L_cA<xr<char) 

(Am /«( djtype - C«fc tlwr til in Djype 
in 
<<char in Val): djype] '«i Expr; ce> 
>W* &KU*£rtce) 

C_«x/7r«iionC$tring3(ce) ■ if Lstringi string) 

(A«n fef djype - Edu, tr ,„ B C31 in Djype 
M ...•:«■.:.•-.- 
<Ostring in Vat): djypel M Expr; ee> 
else Bad^txpriat) 

The parser produces elements of the domains int, Real, Char, and String that 

correspond exactly to the literals used in the text. However, in implementation 

can impose certain restrictions as to which elements area*tu»% Jtfal »rtd, in the 

case of reals, need only provide approxiitttttons tfc i.tMl 'ttjltlMd vafoies. These 

restrictions are embodied iri the functions Ljfif, LjiW JUtNfri LJinng, and 

Approx, as defined in Chapter 6. 

C_^/>y«5ionCtype_spec$nameCcons^nt*^l<ce) ■ 
let <d jype; cel> -. C_(y/»*_i^<c<type_spec, ce) 
<obj*;ce2> - Cb^wBwftftwstaat*, eel) 
in 
C_rf_o/>«r(Cd_typeinameEobj*31, te2) 

C_rf_o/*r<d_oper, ce) ■ let djype - Get_op-typH$jiptsr, ce> 

. in 
if djype is Bad 
then BatLexprioti) 
else <E(d_oper im V*l)« djypel In Expr; ce> 
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C^expi essionJL idnCeonstant* 33<ce) ■ 
let info « ce.info(idn) 

in 
if -(info is D_typc v infdixObj) 

then let <obj; cel> - C_«rartonr<Cidn[constant* 33 in Constant, ce) 
in 
1/ ob j.d_type* is Type 
then Bad_expr(cel> 
tlu <©bj in Exfr; cel> 
«/j* t/ constant''' i* Constant 

f/ten i*r expressionl - id n in Expression 

in. 
caj* constant* io Constant 
Wtfrn ex pression2 0/ Expression 

then C_«x/>rmion(£expressionlCexpression2II in Expression, ce) 
<?fcm type_spee of Type.jpec 

iAtfn Bad_expr(ce) 
else let expression - constant* to Constaht fOL-in Expression 
in 
C_«3c/>r« jion(Cexpressionltexpression2H in Expression, ce> 
rtse Bad_expr(ce) • ■•-.■••*■.■ 

If the idn is not a variable and does not name an object, the construct is checked 
as a constant expression. Otherwise the consiruct is onh/ legal if it is an 
abbreviation for an invocation of a "fetch" operation, in which case there can be 
only one constant and that constat cannot bt a *yp«_sp«c. 

C^expressioni idnJ(ce) ■ if ce.info(idn) is D„type 

then <idn in Expr; ce> 

else let <obj;cel> - CconjionfUdn in Constant, ce) 
in ' . " ' ' 

if obj.djypeii Typo 
f A*n. Badutxpficel) 
else <obj in Expr; cel> 

The idn must be either a variable, a non-type parameter, or a constant expression 

to be legal. 
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C^expressionS. in vocation J(ce) ■ let <expr; cel> - C^nopetf^Jnvocation, c«> 

in 
owe expr 
«km invoke 0/ Invoke 
(Am.V /If^MJI^tovoki, ctD^Djype 
fA#n <expr; csl> 
else Bad^pprlcttt 
else Bad^exprictl) 

An invocation can return only one object when used a* *« expression. 

C_iTjz;ocario7ilTexpression(expression*)3(c«> ■ 

let <expr; cel> « C_jxpressloniexpretiion, ce> 
<expr*; ce2> - C_ex/»r«j<oru(expression*, «eU 
in 
C_ca//(expr, expr*. ce2> 

C_ca//<ex pr, expr*, ce) ■ 

let djype* - ry/wi^o/texpr*. ce> 

in 
case r^oij/Texpr, ce> 
elem Cproctype (djypel*) returns (d_type2*) signal* <djcond*)J $f J)_proc 
then if Included Jypel*. d_type*) a C_rf_ttn<*j<d_cond*, ce.handte»> 
r^h <f expr (expr* )1 in Expr; el> 
<?s* ZfcwLwsjMfce) 
«/*« Bad^Axprlce) 

For an invocation to be legalthe arguments must ke of > thecoma .types, and all 

exceptional conditions that can be raised must be legal with respect to the 

surrounding handlers. 

C_rf_conrfj(d_cond*. handle*) ■ rec if £m^fy<djcond*) 

then truf 

else C_d_cond<//*a<Kd_cond*>, handle*) a 
C^d^amdsiTamjoond*), handle*) 
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C_rf_contf<d_cond, handle*) ■ rec 
if Emptyih&ndte*) 
then true 

else case W*arf(handle*i ...-■•.. 
elem name* of Name* 

then d_.cond.name « name* v C-dLcoiuftdjcond, TatfChandle*)) 
*/em <name*; djype*>of DJiand 
rAen (/" d_cond .name e name* 

ffon d_cond.d Jypes » d Jtfpe* 
<to C_«Lamrf<djcond, 7ctf(handle*)) 
<?/*m others <f Others 

then true 
end 

A handler need not exist for every exceptional condition raised by an invocation. 

If a handler does not throw results away then the types of the results must equal 

the types of the receiving variables. 

C_«/>r«jionCtypeijspec^ieW + >3(ce) ■ 

let <d_type; cel> - C_r^_i^«Ktypejspec, ce) 
<comp*; ce2> - C_/fctas<ftekl*, cell 
compl* - Orrf*r(comp*lname, comp*) 

name* - compl* i name 

djype* - ry/xj_fl^compi*iexpr, ce2> 

in ..-■.•■•' ';.:■ 

case d_type 
elem Irecord[d_comp*U o/Djrecord 
then if d_comp*iname - name* a /nc/u^d_£Qmp*4d_.type, djype*) 
then <Cdjype$<comp*)J in Expr; ce2> 
else Bad_exprict2) 
else Bad„exprtct2) 

The order and grouping of components in the text dees not matter but every 

component must be initialised with an object of the proper type. The components 

are reordered only for type-checking; they appear in the transformed expression 

in the order in which they were written. 
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C-fieM si fieM,*, ce) ■ rt£ 

let Ename*: expression! - HeadifuM,*) 

<expr; cel> - C_#x^r«Jten(expre»*ion, ce) 

compl* - Get^compsintme*, expr) 

<eomp2* ; ce2> - C-fieldsiTaiHtteta*t, «ef> 

in 
if Emptyi field*) 

/A<-n <nil in Comp*; ce> 

else <Concartcompl* , comp2*); c«2> 

Get„compsin&me*, expr) a r*c /«* comp - E//M4<ttunc*>t exprJ 

comp* - GiCcow^rtfOiojun**), expr) 
*n 
</ £*#3Kname*) 
fA«n niUnComp* 
rfw Coni( comp, comp*) 

C_*x/>rfjj/onIEtype_spec$Cexpression*H(ce) ■ 

C^expresslonltypcjpeciui in Int in Ex pretsionh expression* IKce) 

C^expre ;5ton[type_spec$£expression: expression* Xttet) ■ 
let <d_type; cel> - C_fy^_j^*cUype_spec r ce) 
<expr; ce2> » C_*x/>r«d<m(expression, otl) 
<expr*; ce3> - C_expressiontiexprwittH* t ci$ 
d_type* » Types-ofiexpr*, ce3) 

cajf djype 
e/<m Edutobj*3Ia/DjRod 
M«n t/ du - du, rrty 

fA#n let obj - obj*roObj 
*n 
if InUgMexpr, ce3) a lndud*KJUH^^*\ to Djypft <Uype*> 
M«n <Cd_type$Cexpr; expr*31 in Expn ce3> 
rfje Bad-txpri&& 
else Bad^expricei) 
else Bad^ex price® 
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C-expressionKl orce[type_specDKce) ■'..... 
let <d_type;cel> - C-typt^sptdiy^t^tc, ce) 

obj* - E(d jype in Val): (type tn DjypeO in Obj* 

d_mod - Edu forct tobj*3I 

d jypel* - any in D jype in Djype* 

d_type2* - d Jype in Djype* 

d_cond* - C(Vrong_type"inr««tteKfiiUaDjyp^)lMDjcond* 

d_proc - Iproctype (djypel*) returns (djype2*) aignals (d_cond*)3 

in 
if d_type is Bad 
then Bad_expricel) 
else <(C(d_mod in VaJ): (d_proc in Djype)]; cel> 

C_*x£r«Ji(mfl: up(expression)]<ce> ■ let <expn cel> - C_«xjpr*ttbm(expression, ce) 

djype - Type-eflexpr, eel) 
in 
(/" cexluster a /nc/urfw(ce.down, djype) 
fA*n <£upCce.up3(expr)l <» Expr; cel> 
e/w BadLexpficel) 

We explicitly include the abstract type in the transformed expression because it is 

needed to define evaluation. 

C_<?x/>r«ito»iB:d.own(expression)3(ce) ■ let <expr;cel> - C_«r£r#ttton<expression, ce) 

djype - Type^iexpr, eel) 
in 
</ ce.cluster a d jype - ce.up 

then <Idown(expr)J in Expr; cel> 
else BatLexpriai) 

C_«x/>r«ttonCexpressipn.narne]l<ce) ».. 

C^op^calliMfLgetJmime), expression *n Expression*, ce) 

Add_get_: Name -» Name 

Add^geu simply adds "get_" to the beginning of the name. 



--.,'..:... 'Siftii't' 
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C_*x/>r«jtonCexpressionU>xpression2B<ce) ■ 

let expression 4, - <expressionl; expresi4on2> in Expression* 

f n ■ ■ ■.- • . "■ ... . , ¥ _ . , . ^ 

C_o/?_ca//("f etch" in Name, expression*, «£ 

C-expressiorfiL** expressionKce) ■ 

C^/lM^C^ojft'^^aife, expression in Exj^esjitan*, *> 

C-.expression1~ expressionKce) ■ 

C_o/>_caW<"m»nu$" in Name, expression <n Expression*, ce) _ ^ 

C_«x/>r«iif>nCexpressionl bin_op expression21<ce) ■ 
if binjop « Ba«_o^bin_op> 

then Ut expretsioq* » <expressionl; expressions In Ex^NWj^n* 

.-fn ::.''.. 

C-op-calHOp^nameibinj^p), expression' 1 ', ee) 
else '..let bijijopi •? l^^^b>njop) 

jejcprefsioj*^- Ctxj>r«^on|,b|»jBpl expression?] In Expression 
'/n " " '' v '" : '.*,"*. ._ ;..'",■ '_ ^ 
C_«c*r«rioB(i> expressions! in Expression, ce) 



Op-.namdL**l ■ "power" in Name 

Op^namelf/l * "mod" in Name 

OfurutmMf$ m "tHVMn Wamt 1 - 

0/>_nawuC*3 * "rwiT^nName 

O/j^namfCIIJ ■ "concat" in Name 

Op-.namc\L+l ■ "*dd"¥*Nime 

0/»_nam<€ ->3l » "Sub* W 1*M»e 

0/fr_n<w<£ < J ■ "It" in rflrtne* ' - 

0£_nam<€<«3 . * "le" in Name 

0/»_na»uC =3 ■ "equal" in Name 

0/>_n«7mflE>s3 ■ "ge* in Name 

0£_wrmdE>:D ■ "gt" in Name 

Op„nam<€ &3 ■ "and" in Name 



■.'-U 



Bai«^^^y^p.-*Mi.^d|in»oo* . 
BasejDpl/fl ■ C//J in Binjop 
•Baseu9p£ft <««»*l*w#i«iJ»#^ 
JBtm^X.*! m C«3 in Binjop 
AfM^CUi # CII|L In Binjop 
««IM^I«3 ■ C*$ In Binjop 
#a*L4/&-J ■ £-] in Binjop 
mtseuoffa.* ■ t<3 in Bin_op 
Bew_*irt~<3 ■ E<3 in Binjop 

Bej*.j>j£«I * CO in Bln.op 
flewj^C-^V'tWtt B*i_op 
Ba«_o^>*J . » gNfPin- Bteiopr 
fieM^^C^a] « C>b3 In Bthjop 
B«<j>^C>3 ■ C>3 In Binjop 
Basej»fX.->1 ■ [>3 in Binjop 
Bast_fipL*J m CliJ in Binjop 
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Op-nameUl ■ "or" in Name BastjspUM ■ CiJ in Bin_op 

C-op^calH name, expression*, ce) ■ let «expr; cel> - Co/UniKname, expression''', ce) 

in 
case expr 
elm Invoke qf Invoke 
then tf Result_types<.knvokt, eel) is Djtype 
Men <expr; cel> ' 
Ww floO*/»-<cel) 
else Bad^exprictl) 

C_o£_iny<name, expression*. ce> ■ let <expr*; cel> • C_#x^r«*ton*<expression + , ce) 

djype • Tjpe^&Headiexpr*), eel) 

<expr;ce2> - Cd.^rddjypetnameEn, eel) 
in 
CLcaMexpr, roiflexpr*), ce2) 

For abbreviated Forms of invocation, the exact operation to invoke is determined 

by the type of the first argument, 

C_«c£r«tt'onl[expressionl cand expression2I(ce) ■ 
let <exprl; cel> - C_«xfroji<m(expressionl, ce) 
<expr2; ce2> - C_«^#*ii^<expeiile«2; cett 
in 
if Boolean(exprl, ce2) a Boo/«m(expr2, C«2) 
then <Eexprl cand expr23 in Expr; ce2> 
else Bad-exprict%) 

C^expressionKexpremonl cpr expres$ion23<ce) » 
let <exprl; cel> • C_«c£m*i<m<expreMionl, Ce) 
<expr2; Ce2> - C_^pr*«ion<expres*ton2, eel) 
in 
if Booleantexprl, ce?) A Sootazn(expr2, ce2) 

then <Eexprl cor expr23 in Expr; ce2> i 

else Bad^ex price® 

Boolean(expr, ce) « Typejofltxpr, ce) » (Edu,^, CD in Djype) 
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Boolean j(expr*. ce) ■ rjic if Empfyitxpt*) 

then true 
else BooleaniHwHcxpr*), ce) a BrnthnsCTtUUmpr*), ce) 

Integertexpr, ce) - Typtuoflexpr, ce) - <I«*% t CM *>i Djype) 

7>/*_3/1EobjIfcer ■ dtij.djype 

ry/><-_q/l[idn]l(ce) ■ ce.irtfifttdft) to Djype 

ry/>«_o/Cd_type$<comp*>Kce) ■ djype 

Typejofiti jype$Cexpr: expr*|3<ce) ■ djype 

ry/»<_o/CupCd_type3(expr)J(ce) ■ djype 

ry/»f_o/Cdown<expr)3<ce) ■ ce.down 

Type-oflLexprl cand expr2J<ce) ■ Cdu fcotf1 CD in Djypt 

Type_ofLtxpx\ cor expr2l<ce) ■ Idu bMl HI **DJype 

Type_ofL in vokeJ(ce) ■ AMuftJy^efUnvqta, *»)*> Djype 

Types-ofiexpr*, ce) ■• r« (/" £m^e»pr*) 

rA«n ntUaDjype* 
else Cons(Type-ioJiHe4uHeKpt% ce), 
ry/*j_<jfCr«J/(expr*), ce)) 

y?<»ju/r_ry/>«B:expr(expr*0(ce) ■ Return^ipes(Tyfaj0$p*, ce)) 

lndu(ies_a!Hd_type, djype*) ■ */ Emptytd jype*) 

rAen true 

Wm /ndu*«(djype, tffoWdJype*)) a 
lndudts-alt(6jype, Ve^djype*)) 
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/nc/urfdd jypel*, d_type2*) ■ r« if £m^fy(d jypel*) v EmptfdJ.yp&*) 

then d jypel* - djype2* 

else IndudesiHeatHdjypel*), //«u«djype2*» a 
IncludeiTaUidjyptl*), 7*<tf«djype2*» 

The two lists must be the same length and each type in the first list must include 

the corresponding type in the second list. 

/nc/urf«(d jypel, d_type2> ■ if djypel is Bad v dJype2f*Bad 

then false 
else if djypel - <Jtjype2 V djypet ti Any 

then true- 
else if 'djypel If Routine 

then djype2 is D_proc v djype2 is Djter 
else if d Jype2 is Routine 

*A«n djypel fc Djwoc v d Jypel is Djter 
*/*«' false 

The type bad does not include and is not included in any type. The type routine 

includes and is included in every procedure and iterator type. 
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5.5 Equates 

In this section we defin* the legality and meaning of equates with the function 

C-eqiiatis: Equate* x CE-+ 6$ 

We also define the function 

Addanfo: Idn x Info x CE -» CE 

which is used to define kxal identifiers. 

Equates are checked as follows. We define * fMncUon domain Perm, consisting of 
permutation functions for the domain Equate*. That is, elements of this domain have 
functionality 

Equate* -♦Equate* 
and each element of the domain satisfies 

perm<equate*> c equate* a equate* c perm(equate*> a 

5am*_fize(equate*, perm(equate*» 
for all elements of Equate*. To check a list of equates, we collect all permutations of the 
list that are legal when checked in linear order. If at least one such permutation exists, 
then the equates are legal. The meaning of the equates is then obtained by evaluating one 
such permuted list; since all legal permutations will have the same meaning, the particular 
one we choose does not matter. 



C_«f Maf«(equate*, ce) « 

let eel - cetf alae • err] 

ce* - (ce2 1 3permtce2 - £_<f uattrfpermiequate*), eel) a -»ce2-err3) 
in 
if Empty(ce*) 

then cet true • err] 

else //*ad(ce*)£ce.err • err] 

The use of set notation is informal here, as is the use of existential quantification. 

However, it should be clear that one could define a computable function to do the 

same thing. 
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£_*?ua/«(equate*, cc) ■ re£ if £»#y<e<|uate*> 

then ce 
else let eel - £_«fitaf*<//«fci(equate*), ce) 

£_tfuoif5(?'ai/<equate*), eel) 
£_*?u<ir«Eidn ■ constanO(ce) ■ to <obj; cei> - CLconjfanrtconjtant, ce) 

^drf_in/b(idn. obj in Info, eel) 

£_€?uaM[idnl s idn23(ce) ■ c<u< ce.info(idn2) 

elem tseto/Tset 
Men to eel - criCoru(idn2, ce.used) • used] 
<n 
^<Un/<Kidnl, (set in Info, eel) 
*/w to <obj;cel> - C_c«uf«nr(idn2 in Constant, ce) 
in 
AddanfoitiMi, obj in Info, eel) 

£_^uar<?Eidn s type_setJ(ce> ■ let <tset; cel> - Cjtypesetityptjet, ce) 

■'■«n 
Addjinfstito, tset in Info, eel) 

The definition of C-typeset is deferred to section 5.7. 

£_€?uaf«Crep ■ type_spec3(ce) ■ to <d Jype; cel> - C_typ*_s peci type_>pec, ce) 

in 
1/ ce.down is Bad a ce.cluster 
Men celCd_type • down] 
else celt true • err] 

The representation type can be defined only within a cluster, and only once 

within a cluster. 



Adti-lnfctidn, info, ce) ■ let eel - cetCttutidir, ceused) • t»««i] 

in 
If cefetfotidR) ts Nona v -<idn e ce.used) 
f^n ter infojaap - ce.infdidn 4- ftnfol 
Hi 
ceKinfojnap i irfftfXCdfUiftHli e*».fectW « kfcab] 
Me celttnwl* errl , ' ■ • { *'' :;l - " 

An idn cannot be defined locally if it has been used as an external reference or if 
it is already defined kxatly. 

5.6 Statements 

The major functions defined in this section are: 

Cstatenmtx fctiteWenf* "CS ■** Itiffc x CE 

CJtid?. iocty H CE 4 mftk CE 

C_xbody: Dec!* x Body xCE-» tijype* X Unit X CE 

Restore: CE ^ €E -»#«** CJI 

C-xbody is used to check those tag, when, and other* arms in wjiich ?ariabte declarations 

appear prior to the body. Restore is used to reset W**&i at the end of a scoping unit, and 

to generate a list of all viriaWeV d#i«el in that >-feimVtnt arguments ire the CEs before 

and after checking the Unit, flsfleH#e^. 



C_6orf)£equate* statement*J(ce) * 

let eel - £if^«tajuite*, ce) 

<stmt*;ce2> - CjimfafcMtiMmt*, W) 
<idn*;ce3> - Restored, c!0 

in •■ ■-.'■■ ■- • - '■ : ' 

<Estmt* local idn*l; ce3> 

Restored, ce2> ■ F&Jn/(Kce2.1ocals, ce2.info, ceUce2.u»ed e usedXce2.err e err]) 
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Fix^infoddn*, info_map, ce) ■ rec 
if Emptyttdn*) 

then <nil in Idn*; ce> 

else let idn - HeadUdn*) 

<idnl*;cel> - FixJ,nfc*TaU(i<in*), info_map, ce> 
in 
if idn € ce.locals 
then <idnl*; cel> 

else let infojraapl - cel.infotidn «- nen* in Info] 
ce2 - celCinf ojnapl • info] 

in 
// info_map(idn) is Djype 
rAfli <C^n«(idfU idnl*>i ce2> 
Wj« <idnl*; ce2> 

Only those idns defined local to the given scoping unit are made undefined, not 

those defined in a surrounding unit 

Bad-stmrtce) m <none in Stmt; ceCtrue • err]> 

CstatementslstMcment*, ce) ■ rec 

let <stmt; cel> - C_jfaf«n*nf<//«u«statement*), ce) 
<stmt*; ce?> - C_jfafem«nfj(7*ctf (statement*), eel) 
*n 
t/ £m/tfy(statement*) 
then <nil t'n Stmt*; ce> 
else <Conj(stmt, stmt*); ce2> 

C-statemenfcdccmu) a <non« in Stmt; CdecMdecl in Ded*, ce)> 

Declarations will not cause any immediate action during execution. 

C_rf*c/j(decl*, ce) ■ rec let Cidn + : typopecl - Headidecl*) 

<d_type;cel> - Cty^cj^frftypejtpec, ce) 

ce2 - Add_lnfosildn+, d jype m Info, eel) 

in 
// £m/>fy<decl*> 
then ce 
</j< C_rf«c/*(rc//(decl*), ce2) 
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Add_infosU4n*, info, ce) ■ re£ if £mjMjKidn*) 

then ce 

else let eel - A4iUnfiAiJimiim% info. ce) 
in : -" " , 

JMdLttgfafrfcffMfi*), Htf©, eel) 

CtfafiminfCidn: type_jpec :s expression J(ce) ■ 
/*/ <d_type; cel> - C_fy/«_j£«<typejspec, ce) 

ce2 - MdjmfikOAni djype** f»f* **» 

<expr; ce3> - C^^rmioMexprestion, ce2) 
in 
1/ /ndurf«(d_type, Type^ofiexpr, cel») 

ffon <E(idn in Idn*) :« (expr f* Expr^J tfc Stmt; ct9» 
else Badstmticel) 

Cstateme n/Cdecl* :s invocationKce) ■ 
to eel - C_rf«c/5<decl\ ce) 

idn* - D*«jf<dec1*Aidns) toJLn Idn* 
in 
C_.$rar*men/<Cidn + :* invocation] in Statement, ceM 

Cstatemenfci&n* :s invocationl(ce) ■ 

to <d_type*; cel> - G#f_rf«Midn + , ce) 

<expr; ce2> - C_inwx<«i«i(in vocation, eel) 
in 
case expr 
W<w invoke of Invoke 
then if -.Di#&«*«<#n + > A fnclud^d^g^^ J^/^^^t^*, ^S)> 
then <Cidn + :r invoke! in Stmt; ce2> 
else Bad_stmt(<x2) 
else Bad-stmt(ce2> 
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C^statement\Li6n* :b expression + J(ce) ■ 

let <d_typei*; cel> - ^et^jUcisUdn*, ce) 

<expr*; ce2> - C_expresstons(expres»ion* , eel) 
d_type2* - T^et^vf^ &® 

in ■■ , ■ -,■..,, . '; *,...,■'., . , ¥ . .' ,- 

*/ -Du/»«car«(idn + ) a /ncfc<<«<d..lj!pel*, djjp«2*) 
M*n <Cidn + :« expr*J *n Stmt; ce2> 
else Bad_stmt(te2) 

Each expression must evaluate to a single object 

Get^declsttdn* , ce) ■ ra 
</ £ra/>ty<idn*> 

rA«i <nil in Djype*; ce> 

*/j* to <d_type*; cel> - C#f_rf«/*<Tai/<tdn*>. ce> 
in 
ccj« ce.tnfo<«*arf<idn*)) 
elem djype of Djype 

then <;C^ii<d_type;djype*>; tel> 
<?/ j* <Conj( bad in D_type,d_type*); celttru«« err] > 

The idns must be declared variables. 

C-jratewKwrOnvocationKce) ■ let <expr;cel> - OJni«*«<m(invocation, ce) 

in 
case exp'r 
^#m invoke 0/ Invoke 

then <in voke tn Stmt; cel> 
else BatLMmHcel) 

C_jra^w«n<fl[expressionl.name :b expresslon23<ce> ■ 

let expression* - <exprejsionl; exprewion2> in Expression* 
<expr; cel> - C_o/U7ivUtf<Otf_<name), expression" 1 ", ce) 

in l ' ■' ' 

case expr 
elem invoke of Invoke 

then <invoke in Stmt; cel> 
else Bad_stmticel) 
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Add_set_: Name -♦ Name 

Add„set_ simply adds "set_" to the beginning of the name. 

C_statement[expression\Lexpresiion21 1* tKprwittl&kie) • 

let expression*- «xpressionl; expression?; expre*»tonS> in Expression* 
<expr;cel> - C^p^n^m^^^m-^i^i^^ ee* 
in '-"- '' r ' r:i ~ ' ' 

c<ue expr 

f/fm invoke of Invoke 

then <invoke in Stmt; cei> 
else Badstmtieel) 

CstatementVif expression then body elseif jtrm* endl(ce) ■ 
/<* bbdyl - Onilin Equate* Mn I Nn Statement*)! 

in 
Cstatementl. if expression than body efeeif jirm* a l ee bo dy l e»d3(ce) 

CstatementlH expression than bodyl elieifjffli* a4afubfdj^ .£*&&■. " 
let <expr;cel> • C^^^fi^aapffSlion, ««> 
<unitl; ce2> ■ C-ierf^bodyi, eel) 
<elseif*; ce3> - C_Wj#i/i<e!seif_arm* t «2V 
<unit2;,se4> - C-*^y<body2, ceS) 
in 
if Boolean(expr, ce4> a Bco/tfaiutelseif'lexpr, cH> 

then <Iif expr then unit! elseif* else unit? end! In Stmt; ce4> 
else Badstmrtcti) 

C_f/j<?//i(elseif_arm*, ce> ■ rec 

let E elseif expression than body J - ^Mffle^ifjtfm*) 

<expr;cel> - C^$fi^e£p^*>* ««> 

<unit;ce2> - C_Jc^y(b^|y, ctl) 

elseif - Celeeif expr Man unit] 

<elself*; ce3> - C-*lsttftiT*tH&*tijtrm*h ce2> 

in 
i/" £»i£fy<elseif jirm*) 
then <nil in Elseif*; ce> 
else <Coni(elseif, elseif*); ce3> 
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Cstatemenfc while expression do body endJ(ce) ■ 
let <expr; cel> - C_tx/>r«uton(expression, eel 
<unit;ce2> - C-bodytbodf, cetfttue e toop3> 
ce3 - ce2Cce.loop • loop] 

in 
if Booleaniexpr, ce3) 

fAen <C while expr do unit end] in Stmt; ce3> 
else Barf_jfmf <ce3) 

Break and continue statements are allowed in the body. 

Cstatementi. return(expression*)3(ce) m 

let <expr*; cel> - C_ex/>r«jfonj(expression*, ce) 
d_type* - Types-oflexpr*. eel) 

in 
if (ce.iter a £m/»ry(expression*)) v (-•ce.iter A 7nc/u<fr<ce.resuUs, d Jype*)) 
then let exprl* - C_otf*<expr*, celxvts, eel) 

<Creturn(exprl*)3 in Stmt; cel> 
else Badstmticel) 

An iterator cannot return any objects. , C^cpts U used, to make explicit all implicit 

ups. 

CstatementH yield(expression*)3(ce) ■ 

let <expr*;cel> - C-expresstmsiexpwmtom*, ce^rtv 
djype* - Types-ofiexpr*, eel) 

in 
if ce.iter a /nc/u<fc<ce.results, djype*) 

then let exprl* - C_«tfi(expr*. cel.cvu, eel) 
in 
<DIyield(exprl*)l in Stmt; cel> 
else Bad-Stmtlcel) 

Only iterators can yield objects. 
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C^statementt signal namefexpressiofi* EJtee) * 

let <expr*; cel> - C-expressionsiexprwion,*. <^ 
d_type* - Types-ojfexftt*, eel) 

<bool; bool*> - Csitftortte, djtype*. c&sigs) 
in 
if boot 

then let exprl* - C_«tfi<«cpn*, bool*. eel) 
in 
<£ signal name(exprl*)2 iW Stmt; cei> 

C_^g<name, djype*, sig*> ■ ree 

let <d_cond; bool*> - /#«k((sig*) 
Enamel (djypel*)3 - d^cond 
in 
if Emptylsig*) 

then <f alee; nit in Bool*> 
else if name - naroel 

then <lndudei6 Jypel*. d Jype*); boot*> 
else C2«|<f»artfl, djyM fatfttif*)) 



C_cvrj<expr*. boot*, ce) ■ r*c 
/«r expr - HetuHexpr*) 

exprl* - C-aHs<TaiHexpt*i, T atftbaaj*^ w) 
in 
1/ £m/»/y<expr*) 

fAon nil in Expr* 
else if Hea<Hboo\*) 

then Con j(£upCce.up3(expr)3 In Expr, exprl*) 
else Consitxpr, exprl*) 



■)^ 4 
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C-statementlexitnamc:lt*pre*$im*)lHa>) m 

let <expr*; cel> - C_«#r«ri<»u<expressioii*, ce) 
d_type* - Fji^M^tespr*, eel) 

in 
if C_*x«<name, djype*, cei.handles) 
then <Cexitnam«<ejipr^3*ii$tntt; y&> 
else Bad^stmHcel) 

C_exit(name, djype*, handle*) ■ ret 
if Emptyih&ndk:*) 
then false 
else case HtadihunAk*) 

elem name* of Name* 

then -(name « name*) a C_<rxMname, djype* , 7X/<handle*)) 
elem <name*; djypel*> of D _hand 
then if name c name* 

then d jype* - d jtyplt* 
else C_«rtf<name, djy]>e*, rotffnindle*)) 
elem others ^Others 

fA*n false 
end 

Local exits must have corresponding handlers, the result objects cannot be thrown 

away, and the types of the results must equal the types of the receiving variables. 

C^state m*nf EbreakKce) ■ if ce.loop 

then <breafc In Stmt; ce> 
«/j* fiacLrtmtfce) 

A break statement is legal only in the body of a loop statement 

CstatementKcon\lmi*l(ce) ■ if ce.loop 

then <continue in Stmt; ce> 
else BatLstmUce) 

A continue statement is legal only in the body of a loop statement. 
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CstatementL begin body «nd3(ce) ■ let <unit;cei> - t36#)fi&ati, ceV 

in ■ " ' ■ •' 

; <tb«gm unit OnoTfn Stmt; cel> 

C_jtarsm*nrl[tagc«a« expression tag _arm* end!lt<*> "m 

let <expr;cel> - C_ex^r«ri«<<txpr*ss*0n ( x*> 

<tag*; name*; djcompl*; ce2> « C^«|L<irjR^tagjafm + , «ill 
namel* » Or<fcr(name*, name*) 

in ' 
c<m Type^oflexpr, ee2) 

*/<?m ConeofCd_comp2*]3 qfDjoneof 
rAcn f/ namel* * d_comp2*Aname a djcompl* t «" jaittp*^ 
M*n <Ctagcase expr tag* *ndl in fttrrtt; ce2> 
rf« Jtf£jj*«*ke$ 
else BadstmUcel) 

The name list returned by Cjta^arms contains every name appearing on an arm; 

the d.comp Hst contains* name-dayp* {*a*r for f very name appearing on an arm 

with a variable. Each tag name must appear «jca«0y^««ae«n aome arm, and only 

tag names can appear. If an arm has a variable W^MwWk value part of the 

object, the type of the variable must equal the value type corresponding to every 

tag on the arm. 
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Cstatemen&tagcas* expression tag_arm + otherai body andJKce) ■ 
let <expr; cel> - C„expreuion(exprtssion, ce) 

<tagl*; namel*; d_compl*; ce2> .- Cjtag^armtiti^jkrm*, eel) 
<unit;ce3> - CU^body, ce?) 

( ag2* - App*n4fo%l*. Cothara: unit! in Tag) 

t'rz 
caw Typcoflexpr, ce3) 
tf/em Coneof[d_comp2*33 q/"D_oneof 
rAen if namel* c djcomp2*Aname /\ -Dupiicansimmel*) a 

-'5awf_j/z<{namel*, d_comp2*iname) A djcompl* c d_comp2* 
then <Ctagca«e exjpr tag2* and! in Stmt; ceS> 
*/j< S<z<f_jrmr(ce3) 
W« Barf_jfrof<cel> 

Each tag name can appear at most once, but lit teaftt one tag must be missing. 

C_fcf_crmj(tag_arm*, ce) m rec 

let <tag; namel*; d_compl*; cd> - C^tag^arm(H*<uHUgjirm*>, ce) 
<tagl*; name2*; d_comp2*; ce2> - C-tag„*rmWaiHtM%jirm*), eel) 
in 
if £w^ry(tagjarm*) 

then <ni\ in Tag*; nil in Name*; nil in Djoomp*; ce> 
else <C«u(tag, tagl*); CantaHwtel*, »ame2*>; Cwfttfta^compl*, d_comp2*); 
ce2> 

C_tag_arm\L tag name*: bodyKce) ■ 
let <unit; cel> - Cbodyibody, ce) 

in 
<Etag name*: unit3 in Tag; name*; nil in D_comp*; c?i> 

C_r<7g_cr»ifl:tag name* (idn: type_spec): bodyl(ce) ■ 

let deel* - Oidn in Idn + ): type_specl ia Decl* 

<d_type*; unit; cel> - C_xtorfy(decl*, body, ce) 
d_comp* - C«r_rf_com^(name*, d Jype* to D_type) 

■ *n 
<|[tag name* (idn): unit! in Tag; name*; djcomp*; eel* 
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C_5ctof/y(decl*)Cequate* statement*]Kce) ■ 

let eel - Cequatesi equate*, ce) 

ce2 - C_rfec/j(decl*, eel) 

<d_type*; ce3> - Get-decls(Delist(dec\* lidns), ce2) 
<stmt*; ce4> - Cstatementslstilemenl*, ce3) 
<idn*; ce5> - Restored, ce4) 
in 
<d_type*; Estmt* local idn*3; ce5> 

The declarations can make use of the equates in the body. 

C_statement\Lfor deel* In invocation do body endKce) ■ 
let statement* - Makestatementsideci*) 
idn* - Defor<decl*iidns) 

statement - IE for idn* in invocation do body end! in Statement 
bodyl - OKnil in Equate*) ^/>/»enrf(statement*. statement)!! 

in 
C_statementtHbeg'm bodyl endU in Statement, ce) 

M ake^statement sided*) ■ rec 
if Emptyided*) 

then nil in Statement* 

else Const Hea<Hdec\*) in Statement, Make„statmentsiTaiUdec\*))) 

CstatementK. for idn* in invocation do body endKce) ■ 
let <d_type*; cel> - Get-decls(idn*, ce) 

<expr; ce2> - CJ.terJ.niA invocation, eel) 
<unit; ce3> - CJjodyibody, ce2Ctrue • loop]) 
ce4 - ce3[ce2.1oop • loop] 

in 
case expr 

elem invoke of Invoke 
then let EexprKexpr*)]! ■ invoke 
in 
if Included Jype*. Yield jypeskTypejfiexprl, ce4))) 
then <Ifor idn* In invoke do unit end! in Stmt; ce4> 
else Badstmt(ce4) 
else Bad-stmttce4) 
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C_t7* r_ini£expressiCHi(expres$|Ofl*);D(ce> ■ 

let <expr;cel> - C^>r«;ijon<ejcpressi©n, ce) 
<expr*;ce2> - C_<x/>r««tonj(expression*, eel) 
d_type* - Typs^expi*, ce?) 

in . . 
caw r>^_o/[expr» ce2) 
elem Dtertype (djypel*) yjelda *dJype2*> aianaJa <d_cond*)J qf P^ter 
then if /nc&^ddjtypel*, d4ype*> ; ,a C_<C«m<*j<d_cond*, ce2.handles> 
fA«n <Cexpr(expr*)J In Expr; ce2> 
«to Bad_expri<x2) 
else Bad_expr(ct2) 

For an iterator invocation to be legal, the argument! rmm be of the correct types 

and all exceptional conditions that can be raised must be legal with respect to the 

surrounding handlers. 

Yield-types^ Jy^) ■ 
case djype 
elem Otertype (djypel*) yield* <djtype2*> tlflnpla (djcond*)! o/DJter 

then ddtype2* 
end 

C_;raf*m*nfl[ statement except when_arm + endJ(ce) > 

let <catch*; name*; handle*; cel> - C_n/Am_arwj<when_jirm + , ce) 

ce2 . ceitC| undle*. ce.handtes) • handles] 

<stmt;ce3> . C_jraf«unf(*tatement, ce2> 

c « 4 - ce3tc%bandljes • handled 

in 

if ^Dupiieates(n*me*) /\ C^^nd^^/O, handle*) 
then <DIstmt except catch* «ndj in Stmt; c»4> 
else Bad_stmt(cei) 

The name list returned by C-mkmuamt contains every name appearing on an 

arm; the handle list contains an element for every arm. A given exception name 

can only be listed once in an except statement, An exception can be listed even 

if the exception cannot occur during evaluation. The failure exception can be 

raised at any time, and must-be legal with respect to every except statement. 
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C-statcmen&smetneni except when .arm* (Xherijirm eiMKKcel * 

let <catchl*; name*; handlel*; cel> - CiJtitiJlHW^jrih* , *«) 
<catch;ce2> * ' CJiMiiO^^iiW^, tef) 

catch2* - Xpfaum^;'WaM 

handle2* - AppituKh*n&tA*, attmrtln Handle) 

ce3 - ceaCCwtf^liattdfciHis*.^ tiandlitJ 

ce5 " - 'ceftdSlMtarfV haiWte»3 " 

in ....... 

if -iDuplicatesinzme*) a C_d_«m<«F«tf<), IttMfttPy 1 
f/icn <Cstmt except eatcht* ettd9 in Stmt; ct§> 

Fei/O ■ let name - "failure" *n Name 

djype* - Cdu itr1ng C3linDjypei*iDjype* 
in' 
Ename(d_type*)J 

C_a>/tenJirmJ< when_Srm* t ce) '* ■'*& 

let <catch; namel*; handle, cel> - C^htrutrn*H*^wimJitifci, ce) 
<catch*; name2*; handle*; ee2> - C^mktm^amsiTMUi^mjkrm*), eel) 
in , - . ... •,;. . . .._,..; v ..... r , ...... 

// £m/>ry(when_arm*) k 

then <ni\ in Catch*; nil in Name*; nil** Handle*; ee> 
else <CoTw(catch, catch*); Conwrthamei*, name2*); C*«<*i*ndlf. handle*); ce2> 

C_wAtn_ormCwhen nam%*td«tl*>! b^t*^ ■ 

let <d_type*; unit; cel> * CLxJwd^decl*, body, ce) 
handle - <nim^ dj^f^ ftHfcndii 

idn* - DMitito&tiM*^ *-^"-- - ■• 

in 

<|wt*e« name*iWii*^«tt«3i<»€a«lu ww»e^ h*iidi«r «e^ 

C_w A*n_armE when name*(*)s body3<ce) ■ 
r '" s 3 let <uriit;i£l> ^ Cjo^bc&y. ce) *" 

<C when name + <«): witi to JCatehs »ame + ; *a«ni;* i* Handle} cel> 
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C_others_arm\LoXhersi bodyKce) s let <unit; cel> - C_torfy(body, ce) 

in 
<Cothers: unit! in Catch; cel> 

C_ot hers_armKo\bers (idn: type_spec): bodyKce) e 

let decl* = OKidn in Idn + ): type_spec]] in Decl* 

<d_type*; unit; cel> = C_xbody(dec\* , body, ce) 
catch = [[others (idn): unit! in Catch 

in 
if <d_type* to D_type) = <Edu stri Ul in Djype) 
then <catch; cel> 
else <catch; ceKtrue © err]> 
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5.7 Interfaoe Spooitfioations 

The major functions defined in this section are: 

Derivespecs: Full jYtodule* XAvMMKjpp^HQI 

Interface specification* ,*#* obtiwed .:fft<L**ifNlllMN[ maimir. Firs*, the existing 
interfaces for the abstractions being implemented are cotttcted, and the special interfaces 
type and routino are installed, tltlfil ^is&r^ 4*ri*«d 

from each module. The external and internal M*fjf£^jf|[^iM * routine; «*** 
internal interface for a dustier contains the W&mm # a* duster routines, while the 
external interface contains only the interfaces of m'pemm& : *&mmm. the external 
interface of each module is checked against the interfaoe for the corresponding abstraction, 
if that abstraction has an interface. After a« ttrteif keel are derived, the external interfaces 
are installed; the internal interfaces are returaid for use wfcHi checking the modules in 
their entirety, as defined in the next section. 



D*r/y<?_j/*cj<full_module*, ce) ■ 

let dujspec* - GH„du^sfws(fvMjm^P±m&itie, ee) 
eel - /n«^^i^fu«jnotfiite*iwed»% 00 

in 
G*o/>««<fulUnodule*, dujspec*, eel) 
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Get-du_specsimo<\u\e* , ce) ■ rec 
if £m/>if)Kmodule*) 
then niUn DUjpec* 

else let du_spec* - G«t_du^peci(TalHmodu\c*), ct) 
idn - Get-.modMniHtad{mo6\i\t*)) 

in 
case ce.irtfo(idn) 
elem du o/DU 

then Conj<ce.specs<du), du jpec*) 
else Consi none in DU_spec, du_spec*) 

Gei_duspecs collects the existing interface oreach alWtraction. 

/ni/_.j£< , a<moduIe*, ce) ■ r<£ 
*/ £wt£fy(module*) 

M^n ce 

Ww /*f eel - /ntt_j£«:j(7*atf(module*), ce) 
idn '- CetJnO(LMntttw^mf^\kh) 

in .-■% :■.;:■- 

i/ Hearf<module*) te Cluster 

then New-spec(i4n, lyptfift ©U Jpec, cet> 
*/j* Newspedidn, routine- in DU_spec, eel) 

Initspecs insults the special interfaces. 

G*f_morf_*rfnlllprocedurel ■ procedurcidnl 

G<?f_morf_jdnlCiteratorl • iterator.idnl 

C<r_morf_^nCcluster3 ■ cluster.idnl . 

New^spedidn, dujspec, ce) ■ case ce.info(idn) 

elem 6u of DU 
then let specjmap - ccspecstdu <- du_spec] 
in 
ce(spec_map • specs] 
Wj« cettrue • err] 
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G*f_j/>«:j(fuH.jnodu1e*, dujspec*. ce) ■ rec 

let Eequate* moduleJ - H#«rf<fuH_module*) 

eel - C_e?u<tf«(equate*, ce) 

<du jpeel; du^pec?/ce2> * ^iri^llatrt^ <*^ 

ce3 r;t?i ' ; ^ ; irttl«tJBr# ; eW' f JW ' ■ 

<du_sped*; ce4> * C*r_J/w<:f<r«iftfull_R>oduk*>, TotfGiUjspec*), ce3> 

ce5 - Nttu^p<«C0L.m«U J * i * m) i *% <tojpec2, ce4) 

du_spec2* - CWMMuap^-^Ufy^' J -' ; ' . ss, ' ,v ' 

if £m/>fy<fulLmodule*) " 

fAen <nil to i)K*£jpet?;< «e» '. :. ■ ^,. -:,'■.-•■ • 
*/;* */ S«m<_5/»«(//*aW(cki_$pec*>, du_spec2> 

fAtn <du_ J spec2*: ce5> 
tf/itf <du_spec2*; ceKtru«oerr]> 

The first du_spec returned by Cet^spec is the internal interface; the second 

du_spec is the external injie^acj^ , ; |^^4^.,in«j^^ ;i t^^rnal interfaces and 

returns the internal interfaces. 

G«_j/*dEprocedureJ<ce) - ta . <r^gecjcejl*. i ^^_4/^r«^WJ^^ Routine, ce) 

<rjpec tot DU _soac; rjwfcjt DjUjpec; cel> 



jfiTG: 



Gtt^ipedL iteratorl(ce) ■ fcf <rjspeqcel> - G#f_r_i*«(it«fatoc r i» Routine, ce) 

in 
<r jspec in DU^pecj r joec ,^ J^iypec; |«^ 



* 
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G*r_j/*clEidnl b cluster Cdecl*] is idn* where restriction* 
equate* 
routine* 

end idn23(ce) ■ 
let eel m 5«r_opL.ncw«j(routine + , ceCtrue • duster]) 

ce2 - 0>rf#j<decl*, equate 4 , eel) 

ce3 - Cjrest rfc«<mj< restriction*, ce2) 

idn* - DWW<dex1*iidris) 

d_parm* - Get-d-parms(Uin*, ce3) 

ce4 - AdtLupjtyp4liAnl K idn*, ceS) 

<op_speci*; ce5> - G«r_o/>_j/*«(routine*, idn*, ce4) 
op_spec2* - C«r_«x(_.j/*cJ<op_*pecl*, Jdn + ) 

op_spec3* - Or<frr(Qp_spec2*4»aitie, i op_*pec2*) 

in 
<CCd_parm*]; opjpecl*3 in DU^peq CCd_parm*]: op_spec3*2 in DILspec; ce5> 

S«tf_o/>_Tiam«(routine*, ce) ■ rec, 
if Emptyiroutine*) 
then ce 
else let idn - Get^op-idn(Ht<uHroutinc*)) 

eel - yMd_fn/0<idn, routine in Info, ce) 
tn 
Set_op-names<TaU(TWiine*), eel) 

G*r_o/>_i*rfnCprocedure3 ■ procedure.idnl 

Get-Op JidnL iterator! ■ iterator.idnl 
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Add^up^typeiidn, kin*, ce) ■ 
if Emptyiidn*) 

then let <d_type; cel> - CjiypespediAn in TypcjuMC. ©t) 
in 
ceKdjype • upKnil in Obj* • parmri 
else let constant* - Af< ufn Constant* 

<d_type; cel> "- cJy^^^tf^|^B«|l^ + ^l in Typejpec, ce) 
<obj*; c«2> - C_« sfcnt*' ©si) ' . 

in 
ce2td .type • upXol|j* • pfurrtisl 

A/a*e_ccmjfanf*<idn*> ■ t$e {f £ m^tdn*) 

«/*# Coni</fea4(idfl*) in Constant, 

G*f_o/>_j/>*c.i(routine*, idn*. ce) ■ ri£ , * 

let <r_spec;ccl> - Getjr^sptdHeadiroatint*), ce) 

CCd_parml*3: djtypel • rjspec 

name - Mlk*_nam«Gtt^pJ^H*^t*»i«tm*)Y> 

d_parm2* •- m±4J&M<te&; <**) ! 

d_parm3* - CoRcaf(d_parro2*, d_p*rml*) 

op_spec - Cname£d!p*rti0(*1Njt|>*l - ' - 

<op_spec*; ce2> - G<t_x>p_jp*s(TaiKrwttiw*), Wtai*. cefcel.err • err}) 

i/" Emptyl routine*) 

then <nil in Op_spec*; ce> 

else <Cons(op_$pec opjpec*); ce2> 

The interface of each cluster routine is first derived essentially as if the routine 

were a module, and then the d_parim for the duster parameters are added to the 

interface. 
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Get-ext_specsfop^pec*, idn*> ■ nc 
if £mjMy(op. J spec*) 
then nil in Op_spec* 

else let CnameCd_parm*3s djypel - Headi6pjp«?) 
in 
if Make-idninzme) € idn* 

then Con*<//««<«op_spec*), G*t-txt^ip*csiTati<apjptc*), idn*» 

else Get-ext^specslTaUtoQj(pK?h idn*) 
The check that each idn names an operation, and that no idn is listed twice, is 
made later as part of the check of the etittire module; 

Make-idn: Name -» Idn 

Make Jdn returns the idn corresponding to the given name. 

Get_r_spec[idnl = proc Cdecll*] (dec!2*) return* (typejspec*) signal, (condjpec*) 

where restrtctWn* 
equate* 
statement* 
•ndidn2J<ce) « 
let eel - C_rf^i(decll*, equate*, ce) 

ce2 - C-reilricftonKr^striction*. eel) 

d_parm* - GeUd^parmiDetistidtcXl* iidnd, ce2) 

ce3 - C_A*KUfccWdecl2*, ce2) 

<d_typel*; ce4> - G«f_rf«:h<DWiJf<dect2*iidns), ce3) 
<d_type2*; ce5> - C_A«a<Uy£«<type_spec*, ce*) 
<d_cond*; ce6> - C_Aeorf_conrfj(cond_spec*, ce» 
<d_type; ce7> - C_/>r<tt_fy/x<d_typel*, diypeS*, d_cond*, ce6> 
name - MeJU_ncm«(idrtl> 

in 
<ICnameCd_parm*3: djypel; ce7> 

Getjrspec is used for all procedures and iterators, including cluster routines. 
The use of cvt is controlled by a flag V C& t& The environmefit is not 
restored at the end so that any restrictions on cluster parameters imposed by the 
routine can be collected by Get^»p„specs. 
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Grt_r_j/xcDdnl = iter [decll*] (dec!2*> ylelde <typ«_s*«c*) tJjpMte (oomOpec*) 

where restriction* 

equate* 





statement* 




end idn23<ce> ■ 


to eel 


- C_tf«/*<decll*, equate*, OB) 


ce2 


- Cf^tfi^rlfflin^rckrKtieri* 1 , eel) 


d_parm* 


- c«;_k_j&mj<i^Ki«tii*i)ai 


cell 


- C±**uUU*lSl&d&, «U^ 



<d_typel*; ce4> - &t^*mfti4^lto^,*® , 

<d_type2*; ce5> - C_A*aW_fy£«Uype_spec*, ce4) 

<d_cond*; ce6> • C_A<aW_cffrtdj<cond_spec*, ce|> 

<d_type;ce7> - C^iterJtjp^dJfptl*, djype2*, djcond*. ce6) 

name - MaJU_na»u<idnl) 

<CnameCd_parm*]: djype|; ce}> 

C_rf*/j(decl*, equate*, ce) ■ 
to eel - ceC false e err] 

ce* - (ce2 1 3(equatel*, equate2*. perm) 

[equate* '■ perrrrfConcotfequatel*. equate2*» A 
ce2 * C_rf#/f/(equatel*, did*, equat«2*, cet) a 
-*c*2.err}r 
in 
if Emptyia*) 

then ce( true e err] 

else //?erf<e**)[ce.err e err J 

Since parameter declarations can involve equa^d identifiers, we treat the list of 

declarations essentially as a single equate, and took for a legal reordering of all 

equates. 

C_^/ji(eqHatel*, dec!*, equate?*, ce) * let eel - C_#ft*««|(eauatel*, ce) 

ce2 - C„pem_d*cls<dK\*, eel) 

".■.'""' in ■ ' ,:f '^ v ' :: ■'.■■ ' 

C_*ftutf«<«quat*2*, cet* 
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C-pawL.decls<dec\* , ce) ■ rec 

let Eidn + : type^pecl - W«K«decf) 

eel - C_£crm_rf«cfo<ratf<d«cl*>, ce) 

in 
if Emptied*) 

then ce 
else if typejpec is Type 

then Add^nfosddn*. ni\ in Opjdecl* in Info, eel) 
else let <d Jype; ce??- - 03^LJ/*Uype.£pte, eel) 
■ in 

case d_type 
elem CduEobj*]! o/Djnod 
fAen if du 6 <du nu1 , ; du bpp) ; du 1nt ; du pMl ; du eh . r ; du, tr1nB > 

then AddJtnflsWto*, Ijfa&OMM&tolntol' cfo 
«fo<r ce&trtie • err] 
else ce2t true e err] 

6<f_rf_j8»arm5(idn*. ce) ■ rec 
let idn - //«a«idii*) 

d_parm* - G#f_dL^ar»w(r«tf(ldii*), ce) 
Jn 
*/ £m/>fy<idn*) . 
then ni\ in Djparm* 
e/j« caw ce.info(idn) 

elem opjdecl* of Opjdecl* 

M*n ConMidn: (opjdecl* in Constraint)!, d_parm* ) 
elem constraint 0/ Constraint 

then Coni(Cidn: constraintJ, ^l^parm*) : 
W5« C(mj<Cidn: (bej <n^j^ 

C_r«rr^rfen^fes»icti«i*, ee) ■ >k 
1/ £m/My<restriction*) 
then ce 

*/j« /*f eel - C_wfrfcfton<#««Kre«riction*), ce) 
in 
C_r«Mc«onj<ratf<restriction*), eel) 
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C_restriction1L id n has oper_decl + 3(ce) ■ 

let <op_dccl*; cel> • C_o^r.rf«/j(operjd*cl*, ce) 

in '"■"■' 

Add-op^declstitin, opjdecl*, eel) 

C-restrictlonZidn in type_*etJ(ee) ■ 

let <tset; cel> « OJflk_wf(type_set, ce) 

Eidnl has opjdecl* J ■t$et 

ob j . CUdti in Djypetn ¥i»i (typo t* BjypeO 

op.decll* - Sutortobj in Qbj*. idnUn Idn*. opjdecl*) 

in v 

Add_op__decls(idi\, opjdecll*, eel) 

C-type_sttli&r\\ J «Ir2 *#* tpjrjdecl* eo,uaie*|$fc$#> f , 



AddJlnfckiM, mi*Q$J&$in\nte, ce) 
C_«7u<tf«(equate*, eel) - r 

C_o£*r_rf#/j(operjdecl*, ce2) 
op jieel* in Constraint in Info 
/Mrf.tn/Widnl, info, ce£GelJ&ra«*r3) ; 
C_«f uattsioqaiu*, bfM* \. 
C_o/wr_rf<c/j(operjdecl + , ce5) 
Odnl has op_rfecll*J 
Restoreice, ce6) 



to eel 
ce2 

<op_decl*; ce3> 
info 
ce4 
ce5 

<opjdecll*; ce6> 
tset 

<idn*; ce7> 
in 
if idnl - »dn2 
then <tset; ee7> 
else <tset; ce7Ctrue • errl> 

A typejjet is treated much like a module heading. First the operjdecls are 

evaluated assuming the dummy parameter has any and all operations, and then 

the operjdecls are rechecked with complete »nfor*rati»n afe«it th* operations. 
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C-typesetZidnKce) ■ let eel - ceCCorutidn, ce.used) • used] 

in 
case ce.info<idn) 
elem tset o/Tset 

then <tset; cel> 
rtw <Cidn has (nil tn Op_d«d*)3; ceKtru« • errl> 

C_o/>€r_rf«:/j<oper_decl*, ce) ■ rec 

let Eoperjiame*: typejspeel - #«*<*<oper,dect*) 

<d_type;cel> * C^type^speeitypt^pec, ce) 

<op_decll*; ce2> - C-0/OT_naw«<operj*ame\ djype, eel) 

<op_dccl2*; ce3> - C_o^_rf«fr<r«a<eper_decl*), ce2) 

<n ■ ■ 
t/ Empty(operjAec\*) 

then <niUn Opjdecf ; ce> 
rtw if djype <j D_proc v djype is D Jter 

Men <Concar<op_declL*. opjded2*>; ce3> 
else <op_dec!2*; ceSCtrue • erri> 

C_o/><:r_ncm< , j(oper_name*, djype, ce) ■ ri£ 
/*« CnameCconstant*M - H«arf(oper_name*) 

<obj*; cel> - CLamrtanfticonstant*, ce) 

op_decl - CnameCobfJ: djypeJ 

<op_decl*; ce2> - C-oper-nanusiTatHoper jhlme*), djype, eel) 
in 
if Emptyloperjname*) 

then <nil in Op_dec1*; ce> 
else if L_^arm5<obj*, ce2) 

then <Conj<op_decl, opjdecl*); ce2> 
else <op_decl*; ce2Urue »err3> 

References to type parameters and to the abstractions being implemented are not 
allowed in the evaluated constants of restriction operjtames. L-f*rm performs 
this check. 
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Add^.op-.decls<idn, op_decl*. ce) ■ 
case ce.infoCidn) 
el em op_decll* $f Op_decl* 
then let info_map - ce.infoCidn «- Coaeotfcfude^VopjkcU*)] 

in : •. . 

cetinfo_map • info] 
else cet true • err] 

C-head-.<lecls(6ec]*, ce) ■ jrft 
t/ £m#y(d*cl*) 
fA*n ce 
*/j« /*f (Cidn*: type_spec3 - W«orf<decl*) 

<d_type; cel> - C_A#o<£_f#*(tyDe_»pec, colt 

ce2 - ^<W_fn/b5<idi* + , dJy##<» tefo, eel) 

in ' ,. 

C^A*arf_rf«fr<retf<decl*>, ce2) 

C-head-types{iype_spec*, ct) * rec 

let <d_type;cel> - C^keadjtypeiH toddy ftj^ec*), ce> 
<d_type*; ce2> - C_A*«rf_^^roi/(typejHpec*), eel) 
in 
i/ £m£/y(type_spec*) 

Men <nil /n pjtypf*; ce> 

<•/« <C<mj(d_type, d Jype*); ce2> 

C_A«arf_fy/*(type_spec, ce) ■ */ type_spec is Cvt a Mce.up U SmD 

rA«n <ce.up; ce> 
else C-typesptdtypejtptc, ce) 

Cvt is permitted as a top-level type specification |n declaring arguments and 

resuj^.. (including yield and signal resuki) of ckuter routines. When deriving 

interfaces, cvt is replaced by the abstract type. 
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C_foarf_«mdj(cond_spec*, cc) ■ rec 

let Ename(type_spec*)]| - //ead(condjspec*) 

<d_type*; cel> - C_A«ad_fy/>«<type_spec*, ce> 

d_cond - Cname(dJtype*)J 

<d_cond*; ce2> - C-h<a<Lconds{Tall(coi\djpK*), eel) 

in 
if £mjMy(cond_spec*) 

then <nil in Djcond*; ce> 

else <Cons(djx)nd, djcond*); ce2> 

Sawi*_j/vc<du_specl, du_spec2) » 

if du_sped i; R_spec a du_spec2 is R_$pec 

then Same„r_spec(<i\i jpeel to R jspec; du_spec2 fis> R jqped 
<?/*<? 1/ du_speclft T_spec a du_spec2 & T_spec 

then SameL-t-.spec(dajpGcl teT_spec> dti jq»ee2 lo T_spec) 
else dujtpecl is None 

The first argument is the interface from the library; the second argument is the 

derived interface. 

Sam*_r_j/tec(r_specl, r_spec2) ■ 

let ECd_parml*3: djypell - rjpeel 
ECd_parm2*3: d_type2J « rjq*ec2 
idnl* - d_parml*Aidn 

const ra in tl* - d_parml*4constraint 

idn2* - d_pa*m2*4.tdn 

constraint2* - ReptaceOAnl* , idn2*. djptrmlS^l constraint) 

in 
if Samesizettdnl*, idn2*) 

then Same_constraint j<constraintl*. constraint2*) A 

d_typel - Replaceddnl*, idn2*. djype2> 
else false 

Replace: Idn* x Idn* x D -♦ D 

Replace is defined for all domains D. Replace does a simple substitution in the 
third argument, replacing each occurrence of an Idn from the second list with the 
corresponding idn from the first (the two lists must be of equal length). 
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Same_const)aintsicon&lraintl*, constraint?*) ■ rec 
if £m/rf;y<constraintl*) v £m/>ry<constraint2*) 

then constraint!* « constraint!?* 
else if Same_constr<UnMT<tiKcon$tr*\nt.i*), fai/<constraint2*» 
then case A/<a(rf(constrirntl*) 

elem opjdecll* o/Op_decl* 
then cdse H#arf(constrairit2*) 

elem op_ded2* o/Opjdecl* 
then op_deeU* c op_dect2* a op_decl2* c opjdeell* a 
Samesizeiopj&tcW*, op_d*cl2*) 
else false 

else //^(consiraiiul*) - «M4<(^n|tmi«2*) 
else false 

Corresponding type parartwteFS»usti»aYe identical opjdeels, thwigh 'the order in 

which the op.decls are listed in unimportant Other coffeiporiding parameters 

must be of the same typ*. « 

Same_t_spee(l_specl, t^spec2) ■ 

let CCd_parml*3: op^pecl*! - t_specl 
CCd_parm2*3: op^pec2*3 - Mpec2 
idnl* - d_parml*mn 

constraintl* - djparrtil*±«omtr*int 

idn2* - d^parfntfAidfc 

constraint2* - Re+la&itfnl'i Wn2*, d^trm2*4constriWt> 

in < 

if SamesizeUdnl*, idn2*) 

then Same_constraints(tonstr&intl*, constraint2*> A 

Same-Op-specsiopap&A** op^pec2*> 
else false 
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Same-op_specs(opjipecl*, op_spec2*> « rtc 

let CnamelCd_parml*]j djypeO - Headiop _sped*> 
Cnamc2Cd_parm2*3: d_type23 - «««feipiip»tf> 
in 
if Emptyiopjipecl*) v £m/rty<opjspec2*> 
then op_specl* «■ op_spec2* 
els* name! - namc2 a 

Same_r_spedUdufmitfl:&JW«tt, ICd^)arm2*]: 4jf$*2J) a 
Sam-opspecsiTalHopjpml*}, T<0op-W*&® 

L-parmsiobf, ce> * rec_ if Emptyiobf) 

then true 
else if L-parmsiTtUHobf), ce> 

in 
if djype /J Type 

then L-typeiv*\to Djype, ce) 
<fr< true 
tfw false 

Illegal references can occur only in types. 
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L-tyf>e(d_type, ce) ■ 
case d_type 

elem CrecordCd_comp*H <^Djrecord 

then L_fy£«<d_comp*idJype, ce> 
elem Con«ofCd_comp*]3 o/D_oneof 
then L_f)>£«<d_comp*id_type, ce) 
elem Eproctype (djypel*) r«turn» (d_type2*) «i9H«l» Wjcond* )lq/"D_proc 
M«n £^#^*d jtypei^ ceX a IJpci^#,# a ■ 

*/<rro Dtertype (djypel*) returns (djtype2*) situate (d_cond*)J qf DJter 

Men L_r^«(d_typel*. ce> a L_^/xj(d J^«2*, ce) a 
L_fy£«<D«/iJf<d_cond*Adjypes), ceV ; ' : * 
<7em CduEobj*]! ^Djmbtf 

Men -<ce.specstdu) fr Typ»> a L_p*mj<c*j* , ce> 
e/em idn of Idn 

Men false 
*/.$* true 

Formal type parameters and instantiations of the (data) abstractions being 

implemented are illegal. 

L_f;y£«(d_type*, ce) ■ j«c if £m/MjKdJype*) 

then true 

else L^typeiHeadiAjype*), ce) a 
L.types(TaiMjfp(^), ce) 
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5.8 Modules 

The major function defined in this section is: 

Compile: Full_module* x Infcumpx Library ,-» Library 

The domain Spec_map was defined in section 5.1. The domain Library is defined as: 

Library: specs: Specjnap x imps: Impsjnap 

Impsjnap: DU -» Imp* 

The domain Imp is defined in the next chapter. 

To check a set of full_modules, we first derive interfaces as defined in the previous 
section. Then each module is checked in it* entirety as follows. For procedure and iterator 
modules, the formal parameter* ar* bound Jovihet* constraints as listed in the internal 
interface, and the header is reevaluated to ensure ^tfiaf/ trie inierf ace is consistent. The body 
of the routine is then checked. For cluster nwdules, the formal cluster parameters are 
bound to their constraints and the idns naming cluster routines are bound to the interfaces 
for those routines; then each routine is checked, as for procedure and Iterator modules. 



Com/u/f(full_module*, infojmap, library) ■ 

let eel - Crw*je*tmt&jmpk library.specs> 

<du_spec*; ce2> - DerlvespecsifuMjmQ&uk*, eel) 
<mod* ; ce3> - C^Lt^ul*iimjn6i&k k , tfu_ipec*, ce» 
in 
if ce3.err 
then library 
else <ce3.specs; Add..lnps(mo&* t HbraryJmps>> 
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Add^impsimod*, impsjroap) ■ rec 
if Emptyimod*) 
then imps_map 
else let Cda * nkni Jbrml - ffwrf(mod*> 

imp - MearUntfmo&Jiimti 

imp* - ComCimp, imps_map<du» 

in 
Add_imps(TaiHmod*), impsjnaptdtt ■■■■♦- imp*]) 

Meaning is defined in the next chapter. 

C_/M.tf_morfw/ej(full_module*, du_spec*. ce) ■ £gc 
let Eequate* module! - //«*rf<fuHjTTOdWe*> 
eel - C_*$a«fM<equate*, ce) 

ce2 - lnstalLspedHea<Kii\i_spec*), cet) 

<mod Jormr ce3> - C_morfttMmckiufe, cet? 
du - G«f_rf««?Bf_morf_Jrfa(r»odule*, c«3* 

mod - (Edit s mod_formJ 

ce4 - ceCce3.err •err! 

<mod*; ce5> - C^tULmadtaesifattiMljriwdvk*), f a*Kdu_*f>ec*), ce4) 

in 
if fiW^WjrtftfHjrnodtfte*) 
*A*n <nil in Mod*; ce> 
else <Cons(mod, mod*); ce5> 

Install-spe&ld jp&rm*l: djypeS(ce) ■ /W<C/>«mrtd^rfn*, ce) 

/njra//_j/>«CEd_parm*3: opjspec*3<pe) ■ fci eel. «■ AdiL.pams<6_p*rm*, ce) 

in 
y#rfrf_ojbj<opjspec*, eel) 

lnstall_3pecKrou\\nel(ce) ■ /nrfa/OjMT. typelKce} ■ J. C€ 

The special interfaces exist only when deriving interfaces. 

/nstall_spec\LnoneHce) * ce 
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G«tf_rfu(idn, ce> ■ case ce.info(du) 

elem du of DU 

then du 
e/« du, 
It is an error if the idn does not name a DU, but the error is caught elsewhere. 



y4rfrf_/Hirmj(d_parm*, ce) ■ rec 
if £w/My<d_parm*) 
then ce 
else let I idn: constraint! • Headidjpirm*) 

eel - AdtLinfoddn, constraint In Info, ce) 

in 
/4rfrf_£armi(ratf(d_parm*), eel) 

/<rfrf_o/>5(op_spec*, ce) ■ rec 
if Emptylopj&pec*) 
then ce 

else let EnameCd_parm*]i djtypeJ « #M<t(op_ J fpec*) 
idn - AfofcUdiittwae) 

r_spec - CCd^»rm , 3: d jypel 

eel - <4otfJ*/M4n, rjpec in Info, ce) 

in 
/*rfrf_o/>j<7"ci/(opjspec*), eel) 

C_morfu/«ICprocedure3(ce) ■ let <op_form; cel> - OvuttnKprocedure in Routine, ce) 

in 
<op Jorm in Mod Jorm; cel> 

C_morftt/<€iterator3(ce) ■ let <op_f orm; cel> - C_rou«n«< iterator in Routine, ce) 

in 
<op_f orm in Mod .form; cel> 
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C_mo</w/<€idnl = cluster Cdecl*] Is idn + where restriction* 
equate* 
routine* 

end idn23Kce) ■ ' 
let idn* - DMsX&cflidm) 

eel - Add-up-tfpdiAnl, idn*, eel true e cluster]) 

ce2 - Cequatesi equate*, eel) 

ce3 - L„parrn_decls(dtc\* , ce2) 

ce4 -■ L_r<jfrtcfi07M<restriction*, ce3) 

ce5 .- £raj*(idn*, ce4) 

<oper*; ce6> - C_r0&rtn«(rdutine*, ce5) 
mod_form - C cluster Eidn*] oper* end3 in Modjbrm 
in 
if idnl - idn2 a --(ce2.down is Bad) a ->DuplicaUsll!&n*) a idn* c oper* i idn 
then <mod_fotm; ce6> 
else <mod_form; ce&true e err3> 

A rep equate must occur in the list of equates. The cluster parameter bindings 

are removed before checking ttie routines; new bindings for these parameters are 

obtained from the interface of each routine. 

Erasettdn*, ce) ■ rj£ if Emptyttdn*) 

then ce 

else let info_map - ce.infot#*<u«idn*) ♦- none in Info] 
in 
EraseiTaiUidn*), cetinfojnap e info]) 
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Coroutine j(routine*. ce) ■ re£ let routine » tf«kf(routine*> 

idn - Grt_©£Jdn(routine) 

eel - InstalLopsptciidn, ce) 

<op_f orm; ce2> - C_r«a*»i#(foiitine, eel) 
oper - tidn « ppi/ownJ 

<idn*;ce3> • Restoreiot, ce2) 
<oper*;ce4> - C_e«K«n«<ratf<routine*), ce3) 
in 
*/ £m#y(routtne*) 

then <niUnOper*; ce> 

«/« <Co»*<oper, oper*); ee4> 

Installjopspedtin, ce) ■ caj* ce.info(idn) 

Wm CCd^arin*l;djype3$fRjspec 

Men ^dfL/xfrawid^parm*, ce) 
else ce[ true* •err! 

L_/»arm_rf«/j<decl*, ce) ■ rec 
if Empty(dec\*) 
then ce 

else let Eidn + : type_spec3 - tf«w«decl*) 
/n 
// type_spec is Type 

r/ten L-parm-declsiTaUidtcl*), ce) 
*/j* /ff <djype;cel> » C-Xyj«uJjkc(type_*pec, ce) 
in 
t_/>arm_<tec/5<7'atf<decl*), eel) 

The type specifications used to declare parameters are rechecked solely to gather 
uses of external references. 
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C-routineV: idnl a proc CdecH*J <decl2*) return* (type_spec*l stgnat* <C*nd_ J sp«c*> 

where restriction* 

equate* 
statement* 
♦ffltidf&Btce) * 
let eel - cetf arise • iterHGiW«<idnl, ce.used) • used] 

ce2 • C_*fuaf«(es,uate*; eel) 

ce3 -' L_^xr»L_rf«c/i(decU*, «e2) 

<expr*; ce4> - C_ctff_rf«dl<dict2*, ce» 

<d_type*; bool*; ce5> - C-MJtjpmtypeJpM*, ce4) 
<sig*; ce6> - C^evt _^»ndrf<»hd_spec*, ce5> 

sigl* - y<^nrf($lg*. <F«tfO; f •»•• in Bool*>> 

ce7 - L-restrUtionStt^ititocti*, ce8) 

ce8 - ce*d_type* « re«ittsir.Dl&of • cvtsKsigl* • sigs] 

idnl* - D#krfdet1i*iidns} 

idn2* - Dett5fCded2*iidfii» 

<stmtl*; ce9> - Cstatementsbtotment*, ce8) 

stmt2* - C<mj<Cidn2* :■ expr*J in Stmt, strnt^*) 

stmt3* - if EmptyitypejpK*) 

then stmt2* 
else ApptndisUtdS*. 

tr«turn<nll in Expr*)1 in Stmt) 
<idn3*; celO> - Restoreice, ce9) 

unit « CstmtS* local idh3*3 

op_form - ErTOttn%tldnl*lticTh2*? untt ihdJ 

in 
if idnl - idn2 

then KOpJorm', cel0> 

Wj« <op_form; celOCtrue • err3> 

Coroutine is used for all procedures and iterator including cluster routines. The 

use of cvi is controlled by a flag in the CE. In checking the argument 

declarations, a multiple assignment is constructed to make explicit all implicit 

downs. During execution a formal argument declared with cvt initially will be 

assigned an object of the abstract type, and then is reassigned an object of the 

representation type when the multiple assignment is performed. 
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Coroutines idnl ■ iter Cdecll*3 (dec!2*) yields (type_>pec* ) signal* (cond_$pec*) 

where restriction* 
equate* 
statement* 

end idn23<ce) ■ 

let eel - ceCtnte e iterttContfidnl, ce.used) e used! 

ce2 - C_^ua/w(equate*, eel) 

ce3 - L_^arm_<tofr(decU* t ce2) 

<expr*;ce4> - C_«;f_rf«c/j(decl2*, ceS) 

<d_type*; bool*; ce5> - C_iw/_f3^«<typejspec*, ce4) 

<sig*; ce6> - C_c»f_conrfj{cond_»pec*, ce5) 

sigl* - /4/>/xn<ftsig*, <Fai«>; false In Bool* >) 

ce7 - L_wfrtctt<m*<restriction*, ctfc) 

ce8 - ce7td_type* e resuftsttbool* e cvtsXsigl* e sigsJ 

idnl* - D«fof<dectt*4idni) 

idn2* - D<rftjtfded2**idhs> 

<stmtl*;ce9> - C_tfa/em<ntt<statement*, ce8> 

stmt2* - C<mKDdn2* t ietxpr*3ftiStmt, stmtl*) 

stmt3* - Appenditimt??, treturnCnil /n Expr*)J in Stmt) 

<idn3*; cel0> - Restoreict, ce9) 

unit - CstmtS* local idn3*J 

opjorm - EC routine [kJnl*3 (idn2*> unit end! 

in 
if idnl - idn2 

then <op_form; cel0> 

else <op_form; ceHX true e err] > 

L_restrictions( restriction*, ce) ■ rec 
if Emptyt restriction*) 
then ce 

else let eel - L_r«Mctton(W*ad(restriction*), ce) 
in 
L-.restricUons(TaiH restriction*), eel) 
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L-restrictionKi$n has oper_decl + 3(ce) ■ 

let <op_decl*; cel> - C_o/Kr_rf(frff<oper_decl + , ce> 

in 
eel 

The check that the idn is a type parameter was performed when deriving 

interfaces. 

L-restriction£idn in type_setl<ce> m let <t*et;«el> « C_*?f«-ttf<typeu*«t, ce) 

eel 

C_cyr_(/fc/5(decl*, ce) ■ r^£ 

/*f Cidn + : typej»pec3 t » #*«<«decl*) 

<d_type; booi; cel> - C_««_ry/w(type^pec ce) 
ce2 - jfrfdLJitftitttfrf,, d_type *n Jnfo, eel) 

exprl* - G#r_**£rjUdn + , bool) 

<expr2*; ce3> - C^vL.rftt&tT'cifideei*), ce?) 

ft,..,, 
i/ fm/rfjKded*) 

then <nil t'?i Expr*; ce> 

else <C<mc«f (exprl*, expr2*); ce3> 

Get_exprs(idn*, bool) ■ rec if Emptylidn*) 

then nil in Expr* 

*/5« let expr* - Cjrt r ^^f««(idn*), bool) 
expr - tfittfftidn*) itn Expr 

if bool 

f Aen Con j<[down(expr>] In Expr, expr*) 
. Wm Cwutexpr, expr*) 
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C-Cvt-typestiypejipec*, ce> ■ rec 

let <d_type; bool; cel> - C-CvUypeiHeadityptjp*?), ce) 
<d_type*; bool*; ce2> - C^cvLJfptsiTaUltfpt^^i, eel) 
in 
if Emptyitypejipec*) 

then <nil f* Djype*; nil in Bool*; ce> 

else <Conj(d_type, djype*); C«w(bool, bool*); ce2> 

C_cvt_ty petty pe_*pec, ce) ■ */ type_*pec is Cvt a -.(ce-down *; Bad) 

rA*n <ce.down; true; ce> 
*/« /rf <djype;cel> - C.J#CJ£«<type_jspec, <*> 

<d_type; falee; cel> 
Cvt is permitted as a top-level type specification in declaring arguments and 
results (including yield and signal results) of cluster routines. When checking the 
entire module, cvt is replaced by the representation type. 

C_cyf_c<mrfj(cond_ J spec*, ce) ■ rec 

let Ename(typej5pec*)J - tf«aW(cond.spec*) 

<d_type*; bool*; cel> - CucvUypesitypejqpef, ce) 
d_cond - Enametejype*) 1 ! 

sig - <d_cond; bool*> 

<sig*;ce2> - C_«rt_c<mrfi<rai«condjpec*), eel) 

in 
if £m/>fy(cond_spec*) 
then <ni\ in Sig*; ce> 
else <Cons(si%, sig*); ce2> 
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6. Meaning 

In this chapter we define the MetHiWg W legal nkdiM. fl§Mm, t6 minimize the 
number of forward references, we proceed from the bottom op. We begin by defining 
execution environments, and then we define the meaning of Jic»repU<MH» Statements, and 
finally modules. 

6.1 EnvironfAlniii 

The domairi Eriv of execution environments is defined as follows: 



Env: 

Imp_map: 

Imp: 

Op: 

Type: 

V_map: 

Loop: 

A_map: 

R_map: 

Result: 

Term: 

Signal: 

Exit: 

Loop_term: 



imps: Imp.map x vars: V.jnap x loops: Loop* x array: Array x 



: Record X 



S: 



arrays: A_map x 

DU -♦ Imp 

Op + Type 

Obj* x Obj* x Eriv -4 ReitiH 

Obj* x Name-* Op 

Idn -» Obj 

vars: Idn* x body: Unit x ehv: Env 

Array-* Int x Obj* 

Record -♦ Obj* 

term: Term x objs: Obj* x env: Env 

Normal + Return * Break + Continue + Signal ♦ Exit + Loopjerm 

signal: Signal x name: Name 

exit: Exit x name: Name 

Return + Signal * Exit 
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The meaning of the various components of an execution environment are: 
imps - a mapping from DUs to implementations. This- is not the mapping that is part 

of the library; rather, it is generated from the library by selecting a specific 

implementation for each abstraction used in the program. 
vars - a mapping that defines the current object denoted by each variable. 

Uninitialized variables denote the bad object, 
loops - a stack of clotures for for statements. Each closure consists of the list of loop 

variable*, the loop body, and the vafHtbte kind^gs active for the4oop body, 
array - a seed for generating new unique Omft&M&f objects Every id less than this 

seed is the id of an existing array objecL (The domain Array is isomorphic to 

the natural numbers.) '• 
arrays - a mapping that defines the current state (low bound and elements) of each 

existing array object, 
record - a seed for generating new unique ids for record objects. Every id less than this 

seed is the id of an existing record object. (The dttnain Record is isomorphic to 

the natural numbers.) - 

records - a mapping that defines the current state of each existing record object. The 

components are in increasing lexicographic order according to their selector 

names. 

We note that in a more "standard" semantic definition one would not coalesce all of 
this information into a single domain. Rather, the domain Env would consist solely of 
variable bindings (i.e., Env - V_map) and a separate domain, State, would be defined to 
consist of the other information. The principal advantage of such a scheme is that, 
although all of the information is needed to define the meaning of most constructs, certain 
evaluations (e.g., expression evaluation) cannot change (and therefore need not return) any 
variable bindings. However, as discussed in section 2.2.3, using a single domain greatly 
simplifies the task of propagating exceptions. r 
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PrimMve_env<) * <Prlmi(ive.impsO; ± VjMp ; ± Loop ,; ± krr ^ i,^; l Rtcorl ,; J-„_ m . p > 

Primitive-env is used in the evaluation of constant expressions. Constant 
expressions do not contain variables arid do not create Or manipulate mutable 

objects. 

Primitive-imps: -* Impjmap 

PrmimeJtnps returns an imp_m*p witfc implementation* for Hi* built-in types, 
the •rray type generator, ami the procedure g e neuwr fore*, implementations 
of the record» onoof, proo*jp% and itortypo type gen e rator s , and the type 
routmo wiN be handled specialty simitar to the way their interfaces were handled 
in section 5.3. 

6.2 Expressions 

The major functions defined in this section are: 

E_expr: Expr x Env -+ Result 

E.exprs: Expr* x Env -» Result 

Euinvoke: Invoke x Env -♦ Result 

E-exprsiexpr*, env) ■ rec 
if Emptyiexpr*) 

t ken <ftormai in Term; nil in Ob j*; ertv> 
else res <terml; objl*; envl> * E-expriHwdiWpt*), env) 
<term2; ob j2*; env2> - E-gxprslTWlisxpt*), envl) 
in 
<normal in Term; Con<:af (objl*, obj2*>; env2> 

The res notation, defined in section 14, is used to propagate exceptions (and 

bottom, in the event of nontermination). 

£L*x/>rI[obj3Kenv) ■ <norm«Un Term; ob j in ObjY env> 

Actual parameters are substituted for formal parameters throughout a module 
before evaluation takes place, as defined in section 6.4. 
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£_«c/!»Cidn3<env) ■ let obj - env.vars<idn) 

in 
if obj - [(bud inV0i In D4ype)l 

then Fai/ttM"uninitialiWd variable" in String, env) 
else <norm«l in Term; obj in Obj*; env> 

Failurei string, env) ■ to term - <#xlt- "failure" in Name> In Term 

djype - Cdu^ f ^ ttite Djype 
obj - Ostrlhg in Val): djypel 
in 
<term; obj in Obj*; env> 

£_«r/>HEinvoke]l<env) ■ E„invokeiinvoke, env) 

£_fni»oAc(Lex pr(expr*)3<env) ■ 

r« <terml; objl*; envl> - £_**jMeXf*r, env) 

<term2; obj2*; env2> w JB_«^(e*p*r envIK 
let <op;ob|8*> * Wtj6pt<K$?*&Oify env2) 

v_map - Aidn. Obatffct VaD; <b*din Djype)J 

<term3; obj4*; env$> » Oplob^*, ';'WfP, env2£v_jnap • varsl) 
in 
PassiterrriS, obj4*. env3tenv2.vars • var*]) 

Get jap returns the implementation and the actual parameters for the routine. 

Pass is used to propagate bottom in we the routine don not terminate. jLTfte.rei 

notation cannot be used because the variable bindings mutt be restored.) 

Paul term, obj*, env) .-■..#" termi* Normal y torn. 

then <term; obj*; env> 

else l R „ uU 
If the termination condition is bottom, then bottom is produced; otherwise the 
usual result is formed. 
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G*r_o/»(obj, env) ■ cast ob|val 

tttm Cd«Eebj*n *f Djnod 

ikm mil afjys*T 1 ' " ■ '"' ;n ' ."" 
«/«m d j-ejard af Djrecord 
. r f*#p <K#wrf^d j-ecord, i**mt>; dbjS 

then <6*#<^^d jjoeof , name); eb|*> 
-■ «fat d_proc |f JM*?e r 

then <U*rtyp*uofidjm, name*; obj*> 
Www routtno #" Roy tine , 

, . ' tkm (# type v*"i m P* <dii > f» T*pe 

kicord^op: ''tijri^kMme + Qp -' : '"'-' "" ? '''" 

Onetfcjp: D_ort*of x Name -4 Op ■»' 

Proctypejofayv* Djtm <*!**«*-> Op -.,„.-.-:.■ 

Itertype^op: D Jter x Name «♦ Op 

Implementations of the record, CHieot, prootype, *«d Itortypo^pe yenerttors 

cannot be represented at elementi of the domain Type, but implementations for 

the operations of any particular instantiation can be represented as elemenu of 

Op, as defined in section 6.5. 

Routine_op: Name-* Op 

Routint-op represents the implementation of the type rowtbto, as defined in 
section 6.5. 
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£_€x£rCd_type$<comp*}]l(env) ■ ■ . 

res <term; obj*; enyl> - £_«c£«(comp*4.expr, env) 
let ob jl* - Orrf«r(comp*iname, obj*) 

record - envLrecord 

r_map - envlrecordsCrecortf ♦- objl*] 

env2 - envfftff w_r«orrf<record> ■* r«ordltr_map • records] 

<normoUn Term; Orecord fn Val): djyp^J InQbj*; env2> 

New_record: Record -* Record 

Ne&jrecord returns the successor to the given element (The domain Record is 
isomorphic to the natural numbers.) 

£_«x/>rCd_typc$Cexpr: expr*3J(env) « 

res <terml; objl*; envl> - £_«#r(expr, env) 

<term2; obj2*; env2> - £_«c£r.t<expr*, envl) 
let obj - objl* to Obj 

int - dbj.vaff0lnt 

array - env2.array 

a_map • env2.arrays[array «- <int; obj2*>] 

env3 - en v2t#wjira^array) • arrayXajririap • arrays! 

in 
if Lstatetinl. obj2*> 

then <normal in Term; Karray in Val): d Jypel in Ob J*; envS> 
else Failure^ in String, env2) 
The string argument to Failure is arbitrary. Lstate is defined in section 6.5. 

N eta-array: Array -» Array 

New-array returns the successor to the given element. (The domain Array is 
isomorphic to the natural numbers.) 

£_«;/»rCupCd_type](expr)3(env) ■ m <termi<tof;mirt» * E-exfnAexpr, env) 

let val * obj* to Obj in Val 

in 
<normal in Term; Cval: d jypeJ in Obj*; envl> 
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£_*x/;rD:down(expr)J(env) ■ res <term; obj*; envl> - , p-txffajpi, env) 

let obj - ©bftoObJ 

in " 
•cnormal in Term; ob^val J« Obj In Obj*; envl> 

IT the .type «nfiCOttW sot be uwd m « rppriiWUt ion type, then ue couki limply 

replace the d.type component of the object with the abstract type instead of 

adding a new lay*; down Would iheh ; 'rept*M thi *&y|H? con^oneVit; with the 

representation type instead of removing a jfajav However if the representation 

type were any, then information would b« Jo* by such an "optimization", and 

correct invocations of foroo on down'ed abjecu would fait 

£_fx/>rlCexprl cand expr2Kenv) ■ res <term; obj*; ejivj* * |L«*^X»rt, env) 

if ob £v#l to Bfoj , 

then E^expr<.wpr2. envl) 

«/j« <norm«Un Term; ob/; envl> 

£_*jc/»rfl[exprl cor expr23(eny) ■ res <term; obj** envl> * £_#x^rtexprl, env* 

let obj ■•'■•■••■"' . obj* to Obj 

if obj.vsl <o Bool 
7*«t <nb««^ in Tetrm; obj^ehvi> 
Wj* £_*x^rC«pr2, envl) 






6.3 Statements 



The ma jor funrticms defined ii* this section are: 

Estmt: Stmt x Env -» Result ■ 

£_t/.n«: Unit x Env -» Result 

^55n/: Idn x Ob j X £nw -» En,v 

;Msm ,Idn* x ObJ* x Ent «?• Env 

Assnl and Assn are used for assigning objects to Variables. 
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£_uniritstmt* local idn*J(env) ■ let <tern^ ob£; envl> - £jfm/j<$trnt*, env) 

env2 - l/iMMinddn*, envi) 

in 
Passbtrm, obj*, env2) 
Pass is used to propagate bottom to case evaluation of the body does not 
terminate. 

E-Stmtsi&tmt*, env) ■ rec if Emptyiuml*) 

then <nof maim Term; nfffftObj*; env> 
else ret <ter«t; obj*; envl> ■-*.> Io*I>«fU/#*#*tmt*). env) 
in 
EstmtrtTiMimfc), ***$ 

UnassnUdn*, env) ■ rec. if Emptyddn*) 

then env 

«/m let obj - C(bad in Vat): (bad in Djtype)J 
envl - AssnHHemmn% ©ty env) 

in :•■;:.■ 

t/na«n<r<tf/(idn*), envl) 
Variable bindings are removed by rebinding the variables to the bid object. 

AssnHidn, obj, env) ■ let v_rr»ap - env.varstidn «- objJ 

in 
envEvjmap • vars] 

£_jfmrCnone3(env) ■ <normal in Term; nit in Obj*; env> 

£_jrmrCidn* :■ expr*l(env) * ra <term; ob j*; «n*l> - &*xjMe*pr*, env) 

let env2 * 4unUdn*. obj*, envl) 

in 
<normal in Term; nil in Obj*; env2> 

Estmtlidn* := invokeKenv) ■ r« <term; obj*; envl> « £jmw*#(invoke, env) 

let env2 - yl«n<idn*, obj*, envl) 

in 
•cnormal in Term; nil in Obj*; eny2> 
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Assnlidn* obj* env) ■ m if ttitptyfotiih ) 

then env 
else let envl - AssnHH«uMdr\*), Hwmdivbf), env) 

In '■■' i} - y * 

£_5fmrlEinvokeJ<env) ■ r« <term; ©bj*; en»l> - &JftmMtnv«fce, fltv) 

to .■;■■■.., y **■*.;, "-• ?y- . :.-- '>■■.. ."i 

<pwmi|l in- Tern* -ptfc<M>*& «»vfe 

Thg ob jectrfetumed by tta J<*»e<«*)fraJ»UiMlwKiL 

EstmtMf expr th«n until nMT* <H»e «*ft«*i<«nv> ■ 
r« <term; ob j*; envl* - E_expr<expr, env) 
let obj - obj* to Obj 

in 
if ofcj<*»4>{*£tK)t - 

rA«n fi_Bn*(«ni«, «i»v» 

«/« E^elseifsMMS*, uni*2, env© 

£_€^f(^elseif* v uni^, ej&y) ■ £|£ . v 

if Emptflelseif*) 

then £_untf< unit, env) >e . 

else let Celseif expr then unitlJ - Hemdtebeit*) 

res <term; obj*; envl> - £^^Wff, : e«v> 

let obj - oHf fti' Otej 

f/ ob j.val fo Bool 

• v m#j# «iaswtenta/ea«) 

#»« #i.«J»0<7VtfKelsetf *), unit, envD 
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Estmfc while expr do unit endKenv) ■ rec 

res <iterml; objl*; envl> - £_«*£r(expr, env) 
let obj - objl* WObj 

j'n 
i/" obj.val to Bool 

rfon /«* <term2;obj2*;env2> - £_un«(unit, envl) 
tn 
1/ term2 iJ Normal V term2'tf Continue 

then £_j/iW(C while expr do unit end] <n Stmt, env2> 
the if term2 fi ^ Break 

Men <normal in Term; nil in Obj*; env2> 
<?/j* <term2; obj2*; env2> 
else <normal tn Term; nil in Ob)*; envl* 

Executing a break statement in the body terminates the while statement. 

Executing a continue statement in the body causes the rest of the body to be 

skipped for that cycle, but execution df the while statement continues. Other 

non-normal terminations of the body terminate the while statement. 

£_j/m/I[return(expr*)3<env) ■ res <term; obj* ; envl> • £_«#r*<expr* t env) 

in 
<return in Term; obj*i envl> 

EstmtK. signal name(expr*)3(env) ■ res <term; obj*; envi» *■ E^exfirfaKpf*, env) 

let terml - <signal; name> in Term 

in 
<terml; obj*; envl> 

E-.stmtK.exW name(expr*)3(env) ■ res <term; obj*; envl> - £_«#r*( ex P r *' env) 

let terml • <exh> name> in Term 

■ in 
<terml; obj*; envl> 

£_5rwrCbreak3<env) « <break in Term; nil in Obj*; env >> 

£_jfmri[continue3(env) ■ <contlnue in Term; nil in Obj*; env> 

EstmtlL begin unit endKenv) ■ £_unif<unit, env) 



.-; ^^T^****^ 
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Estmfc tagcaeo expr tag* endJienv) .^, r«" ^^ 

Cname-.ooJJ * valnrOnoof ni 

.. ;>;w 4 :: PMltt^^|Mi^.^ r .#Nrl)'. • 
£ja f 5(»g*. name, obj. env) . ^iC^ff^T^W^ -Wn* ."'. 

Legality-checking h«^mufWth*t one^ ♦hC»nm«*^«MaHed. 



sXvjw . s "£!?te 



/WarcA_te£Etaa name* (ion): uniO<nww) ■ *na«e^ MF*)n 



SO ■ •' iy^-.. ■>■"'; ?i- ;t :\ -'? *?£;'.<*!': , •>-:;>'; >fl; '" '.'a^'rv-tls.?.:. ii'Aiv.iHr.'.} <■■ '•'•. ^,3 ;■;•.- ■■ ..... 

E-tatfLiag name*: unitJCdb], env) . «^*W*unirilrV) 

£_jfm«Tf or idn* in invoke do unit ondKenv) * 

/« loop* - C«MMd»*] BnK; env.van>, env.toop*) 

<term; obj*; envl> « £_inea*«<invoke, envtloop* • loop*]) 

PawCterm, obj*, envKvjnap • varsMTadiehvLloops) • loops}) 

The invoked iterator handles termination, including execution of brook and 
continue statement Paw te osed t» prtpag— M m nm mmmMm>mn&UL.'$0r 
some cycle of the loop body) does not terminate. 
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£_jf»tflEyield(expr*)J<env) ■ 

res <terml; ob jl*; envl> - fLex^riCexpr*. env) 
let <idn*; unit; v_map> ■ //«a4<envl.loops) 

env2 - envltvjnap • varsJtratftenvl.loops) • loops] 

env3 « Assniidn*, objl*, env2> 

<term2; obj2*; env4> - £_u»tt<unit, envS) 
loop* - Conj<<idii*; unit; env4.vars>, env4.loops) 

env5 , ■ eiivWi^i|rs ovarsJCloop* •loops] 

in :! " '/ ' : ''"'"' 

if term2 is Normal v term2fi C o ntUw a 

rten <norm«l in Term; nil in Obj*; env5> 
else if term2 ii Break 

then <return in Term; niHn Ob j*; enVl> 
*/5* <tei m2 toJLn Loopjerm in Term; obj2*; env5> 

Executing a break statement in the body terminates the iterator (and the 

invoking for statement). Executing a continue statement in the body causes the 

rest of the body to be skipped for that cycle, but execution of the iterator 

continues. Other non-normal terminations of the body terminate the iterator, but 

the result must be propagated spec*riif *hr*ugh the iterator and back to the caller. 

fLjm/Cstmt except catch* endJ(env) ■ let <term; obj*; envl> - £_jfmf(stmt, env) 

in 
case term 
elm <eartrname>^ Exit 

then EuMtcksicaxch*, name, obj*, envl) 
etse <term; ^j^err^ 
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E-.catchs(catch*, name, obj*, env) ■ rec 
if Emptyic^ch*) 

then let term •= <exit; name> in Term 

171 

<term; obj*; env> 
else if Matc/L-catcMHeadic&tch*), name) 

then £_cafc/WA/«arf(catch*), name, obj*, env) 
else E^catchs&aiHatch*), name, obj*, env) 

Exits not caught by any handler of the except statement are propagated through 

unchanged. 

Ma(ch_catchK. when name* (idn*): unitJteame) ■ name c name* 

Match_catc/£when name* (*): unitJ(name) ■ name € name* 

M afcA_catoWE others: unttKname) ■ true 

Match-catchSLothGrs (idn): unitl(name) ■ true 

£^carcAJEwhen name* (idn* Hunit3<name, atof, env) • 
let envl - ^5*n(idn*, obj*, env) 

in 
£_um'f<unit, envl) 

E-.catchlwhen name* (■*): unttKname, obj*, env) ■ £_untf(unit, env) 

E_catc AC others: unitKname, obj*, env) ■ £_untf(unit, env) 

E^catchlL others (idn): unitKname, obj*, env) ■ 
let d_type - Edu JtMng til in D.type 

obj - K(Make_string(ttome) In Val): djypel 
envl - AisnHidn, obj, env) 
in 
£_umr<unit, envl) 

The idn is bound to a string representing the exception name. 



V^'S?;.J^3Jis*;^*VA .V : ; 
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M.ake_string: Name -» String 

Makestring returns the string corresponding to the given name. (Name and 
String are isomorphic domains.) 

6.4 Modules 

The major function defined in this section is: 
Meaning: Modjbrm -* Imp 

MeaningLop Jorml ■ C\<objl*. obj2*. env). £_o/Kop_form, objl*, obj2*. env)) tn Imp 

Meaningl.typtJoxmT> ■ <X(obj*, name). Af_f#rttype./orm, obj*. name)) fn Imp 

AOy/tflEcluater Cidn*3oper* ondKobj*. name) ■ 
/«r opjorml » F*nd_o/>(name, oper*) 

op_form2 - Substlcbf, idn*, opjorml) 
in 
Mobjl*. obj2*, env). £J>^(opJorm2, objl*, obj2*, env) 

F/nrf_o/>(naroe, oper*) ■ rec let Eidn « opjorml - WauKoper*) 

in 
(/" Af afccJrfn(name) « idn 
Men opJorm 
rfM ftn<Lop(name, roMoper*)) 

Legality-checking has ensured that the operation exists. 
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£_o/£routmeCidnl*I(idn2*)untt endiiobji*. obj2*, env) ■ 

envl - Astntidmtf 1 , ob^i*«#» 

<term; obj3*; env2> - £_untt(unttl, envl) 

in ;■;:.;<>', 

cc5* term 

'. . . ■ i 
*/«m normal 0/ Normal 

rten FatfureTno return values" m String, env2) 

Wem return of Return 

then <normal in Term; objS*; env2> 

; ,: W«« <*io*H& name*©/ Signal 

rA«n /ef exit - <exit; name> 

<exit in Term; objS*; env2> 
f^m <exit; name> o/Exit « -• 

rAen */ name - ("failure" in Name) 

then <term; obj$*; err*2*\ '^ 

else let string - C<mca*Cunbandled exception: " in String, 



r'dstfur^string, env2V 
elem loop Jerm ef Loopjerm 
r A«n <loop_term »_ln Term; ©&J9*; erivtV 

*nrf """''''* 

As part of legality-checking, raturn statement* are added to the ends of routines 
that do not return any objects; thus a routine body which evaluates to a normal 
result is in error. Signals are changed to exits at the routine boundary. Failure 
exits propagate through; any other exit is changed to a failure exit with the 
original exit name as the result object A non normal termination of a for loop 
body is passed back to the caller. 
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6.5 Built-in Abstractions 

In this section we define the built-in procedure generator f ore« and the operations of 
the built-in types and type generators. Each routine is defined either by giving a routine 
heading and an element of the domain Op, or by giving a routine written in CLU. The 
implementations are not necessarily the most efficient possible. We do not define any 
operations related to input/output, since I/O if not part of the language proper. 

Several routines can signal failure, but the exact string returned can vary from one 
system implementation to another. We indicate these strings with a question mark, as in 

Fallurel? in String, env) 

When computing with integers, the operators V, '-', V, 's\ etc. have their usual 
mathematical meaning. We also use the operators '/' and '//*, defined by 
x/y-q a x//y - r iff <0sr<|y|) a (x-y*q*r> 

When computing with reals, we wilt treat Cintl • int23 as the real number intl*l0 1nt *. 
For example, 

Cintl e int23 < Cint3 e int43 iff intl*10* nt * < int3*10 int4 
An expression such as 

Cintl e int?l + Cint3 e int4J 
means that one should choose the normalired element of Real that represents 

intl*l0 1nt2 + int3*l6 1i,M 
and similariy for other operators. The exact normalization algorithm is not important here 
(though it must be the same as that used by the parser); normalization simply ensures that 
our use of strict element equality: 

Cintl e int23 - Cint3 e int43 iff intl - irttS A Int2 - int4 
corresponds to the usual meaning Of equality. ■:■■'■' 
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0.5.1 Auxiliary Functions 

For every tioniftirt B* wt aatfiwt the f uiwtlem 



bast: 


:,;;.< D**4->D-, .•■ 


K*v We* HV'HIHI 


Front: 


D?t»D* 


&tM$bW)*ftttotf*M 


Size: 


D* -» int 


_ JpO| $UJ|l|^ r ©T jj!jei$tllti 


Fetch: 


D* x Int -» D 


get tt/t element 


Storit 


16* k fMt k D4 ft* 


■• ^^mtiNmmt ■ 



The definitions of all but the tost two fhfutt be obvious. .^0kJtfdL Store ere fitted *» 
follows: 

FetcMd*, int) ■ r« i/ int - 1 

fton Heqd(6*) 

else FitckfMft} int-lJ 

Sfor«(d*. int, d) ■ r*| i/ int » 1 

fA*n ConsiA, TaiHd*)) 



MinJlnt: 


-* Int 


Max_int: 


-♦me 


Max^char:. 


-» Int 


M in-real: 


-» Real 


Max^rcai. 


-> Real 



The values of these constant functions can varf from one sjlfeem implementation 
to another; the ooJy t^mtm$£t% . - 

Min^intO <0 v ... 

127 s Max^chari) s 511 

Maxjchari) £Max_inti) 

0.0 < Af *n_r*c/0 < 1.0 < Mtourtim 

L_znf<int) ■ Af/n_fnfO i int ^ Afa&JMO 

L_r*a/(real) ■ real - 0.0 v Af *n„r#«fl) s |realj s Af«w_r«/<) 
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L_cAar([ char intl ■ i int S Max^chari) 

L_char j(char*) * rjc_ if £m/W}Kchar*) 

then true 
else L-chariHeadithit*)) a L-charsiTalHchur*)) 

L_stringisu ing) ■ L_cAarj(string) a L_tof<5iz«<string» 

The size of the string must be a representable integer. 

L_jrar*(int, obj*) ■ L_inr(int) a L_inr(S<K<obj*» a L_fnrfint ♦ Siztiabf) - 1) 

The index of each array element and the size of the array must be representable 

integers. 

Approx: Real -♦Real 

Approx defines the imprecision of using finite approximations to real numbers, 
and can vary from one system implementation to another. The only restrictions 
placed on Approx are as follows. Given that 

L_r*a/(rea1> a L_r«zl<reaU> a L_r«a/(real2) 
is true, then 

Approx(re&]> is normalized 

ApproxiApproximl)) - ApproxirtkX) 

read < real2 implies Approxim^) s ApprtximW 

Approxi-re*\) » -/4/>/>r«c(real) 

real * o.O implies |y#r«c(real) - real) / ieal| < 10'* 

ApproxiO.O) - 0.0 

Approxil.O) - 1.0 

Bad_add: Real x Real.-* Real 

Bad_add is used for real additions when the arguments differ in sign. The only 
restriction placed on Bod^add if as follows. If 
Bad_add(rez\l, real2> - real A L_r«xflreal) 
then 

real - >*/>/vox<real) a |(reall ♦ rea!2 - real)/(reall ♦ real2>) < 10** 
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R2i: Real -» Int 

R2i rounds to the nearest integer, and towards xero in case of a tie: 
|C K2i(real> m 02 - featj i 0.5 a |t K2t(rea» 9 0j| * |rea^ ♦ 0.5 

7>unc: Real -♦ Int 

7>unc truncates its argument towards iera 

\£Trunc(rti\) • Ol - real) s 1.0 a jcrrttnrffeit) • 0j| s |real| 

/tour n^foo/jt boot, *f»*> * to d^tyspe ■« Cdu^, EJlJaDjyj* 

in 
<normal in Term; ObooUn Vat): d JVpeJ in Obj*; env> 

Return_int( int, env) ■ to d_type - Edu int [IB in Djtpe 

<norm«Un Termj C(int t« V*#4 d J*»«J <« OhJ*; anv> 



/nr_wu/f<int, env) ■ i/ i_in/<iht> 

rA«i H#rttr«_fn«int, er#r 

tfw £rroH"overflow" in Name, env) 

Ret urn-reaH real, env) ■ to djype - Edu rol [JJ in bjype 

/n ■■■ ,-. ,-■• 

<rtorma4 tn Term; Ciitai in VaUt d jjffeSftt Ob|*; env> 

Reaf„result(rea\, env) ■ i/ L_r<a/(real) 

f*«n leerttr^^'^diKrea*, tftt) 
W« i/ jrea^ > Max_reolO 

then BrrerCoverf low* in Name, enf ) 
else ErrorCundtrf tew" in Name, env) 

/J*rurn_cAar<char, ienv) * to d_type - Edu char E JJ in Djtype 

<norm«l in Term; tCtfiiHn Vltfttlijrjpi in 0bf ; env> 
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■Returnstringistrin%, env) ■ let djype - Edu ttMn9 C33 in Djype 

in 
<normal in Term; [(string In Val): djypeJ in Obj*; env> 

Eq-ob/objl*. obj2*. env) - let <objl; obj2> - obj2* to Obj* 

in 
Kef urn_^(ob jl • ob^» env> > 

£f_oty will be used in defining various "equal" operation*. 

jErrordiame, env) ■ let term - <exit? name> in Term 

in 
<term; nil in Obj*; env> 

6.5.2 Force 

force. - proc [t: type] (x: any) returns (t) signals <wrongjtype) 
Mobjl*. obj2*. env). let objl - objl* to Obj 

obj? - obj2* to Obj 
in 
if /nc/urf«(obji.val fo D_type, obj2.d_jype) 
then <normal in Term; obj2*; env> 
Wm £rrw<"wrongJype" jfn Name, env) 

includes is used instead of strict equality because the type any is a legal 

parameter to force. 

6.5.3 Null 

equal « proc <nl, n2: null) returns (boot) 
return(true) 
end equal 

similar - proc (nl, n2: null) returns (bool) 
return(true) 
end simitar 

copy = proc (n: null) returns (null) 
return(nil) 
end copy 



W2 

6.5.4 Bool 

and - proc Cbl,"b2; boo© roii«*i*<be©J) 
return* bl c«ndb2fc , . 
end and 

or - proc <bl, b2: booD retureertoQKti): 
returnlbl cor b2> 
end or 

not - proc (b: boot) returns (booi) 
ifb 
then returrKfeJse) 
also returnCtrue) 

end > v- 

end not 

equal - proc <bl, b2: boofr *e**i^<boo# 
Eq^obj 

similar - proc (bl, b2: booD return* (bool) 
returrKblt « b2>» 
end similar . 

copy « proc <b: bool) returna (bool) 
retu^eib) •. 
end copy 

6.5.5 Int 

add - proc (il, i2: M*t) returns <in# alQnela (overflow) 

Mobjl*. obj2*. env). l*i <objl;obj2* • m0m®*$ ■ '-- 

in 
/nCr«uir((objl.val ro Int) + (obj2.vaJ.ro Int), en v> 

Note that add is not a parameteriwd p«»d*^**th«#MW^»C fctf *kjl* ,**, not 

used. This will be true of all of the definition* that foHow. 
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sub - proc (il, i2: :if»t) returns (Int) signals (overflow) 

Mobjl*. obj2*. env>. let <ob jl; ob j2> - ob|2* ro Ob j' 

in 
/nf_r«u/f((objl.val to Int) - (obj2.val to Int), env) 

mul - proc (il, i2: int) returns (Int) signal* (overflow) 

Mobjl*. obj2*. env). let <objl;obj2> « obj2* to Ob/ 

in 
/nf_r«u/f((objt.Val fo Int* * (obj2.vaWo Int), env) 

minus - proc (i: int) returns (int) signals (overflow) 
return(0 - i) 

except when overflow: signal overflow end 
end minus 

div - proc (il, i2: int) returns (int) signals (zerojdivide, overflow) 
X(objl*. obj2*. env). let <objl|obJ2> - ob|2*wObj a 

int - ob j2.val to Int 

in 
if int - 

then £rror("ierojii vide" In Name, env) 
else /n/_r«uM(objl.val fo Int) / int, env) 

mod - proc (il, i2: int) returns (int) signala (zerojdivide; overflow) 
Mobjl*. obj2*. env>. let <objl; 0bJ2> - obj2* to Obj* 

int - obJ2.val ft Int 

<n 
if int - 

fA*n £rror("iero_divide" *n Name, env) 
else /nf_r«uM<ob|l.virt to Int) // int, env> 



134 

power <= proc <i, e: int) returns (int) signals (negative.ex portent, overflow) 
if e < then signal negative_exponent end 
pow: int :■ 1; 

for j: int in int$from_to(l, e) do 
pow :■= pow * j 

except when overflow: signal overflow and 
end 
return(pow) 
end power 

f rom_to_by - iter (from, to, by: int) yields (int) 

while by > & from <- to I by <- Se from >- to do 

yield(from) 

from :« from + by 

end 
end from_to_by 

f rom_to - iter (from, to: int) yields (int) 

for i: int in int$from_to_by(from, to, 1) do 
yietd(i) 
end 
end from_to 

It «= proc (il, i2: int) returns (bool) 

X(objl*. obj2*. env). let <objl; obj2> - obj2* to Obj 2 

in 
ReturnJbooH(ob jl.val to Int) < (obj2.val to Int), env) 

le - proc (il, i2: int) returns (bool) 
return<il < i2 I il «= i2) 
end le 

ge = proc (il, i2: int) returns (bool) 
return(i2 <■ il) 
end ge 

gt = proc (il, i2: int) returns (bool) 
return<i2 < il) 
end gt 

equal = proc (il, i2: int) returns (bool) 
Eq^obj 
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similar •■ proc (Jl, i2: int) return* (boot) 
returnUl - i2) 
end similar 

copy - proc (i: int) returns (int) 
return(i) 
end copy 

6.5.6 Real 

add - proc (rl, r2: reel) raturw (ree» signals (evefftow, underflow) 
Mobjl*, obj2*. env). tet <db$*&p* - o&J2* #©b j* 

reatt - objl.val fo Real 

rea!2 • obj2.val to Real 

/n 
i/<rean<0A Areata >X).»V <reall> 0.0 a real2< 0.0) 
fteh R«aL.r«sultiB<HL.*H<HriM, reat2V ehv) 
Ww /J«t/_r#jtt/tfrtall ♦ reatf, env) 

sub - proc (rl, 1 2: real) returns (reaD signals (overftow, underflow) 

return(rl + -r2) ■' "'•""■■•'■■ ; '■" ■"--.■■•—■ 

except when overflow: signal overflow 

when underflow: signet underflow 

•nd 
end sub 

mul - proc (rl, r2: reel) returns (real) signals (overflow, underflow) 
Mobjl*. obj2*. env). let <objl; obJ2> - * ooj2* ioObf 

in 
R«aLresulMdb$Mto Real) ♦ <ob|2.val to Real), env) 

minus - proc (r: real) returns (rest) 

X(objl*. obj2*. env). let obj - ob^roObj 

in 
Atfturn_r*a#~(obj.vai to ReaO, env) 



136 

div - proc dl, r2: real) returns (real) signris (reteu&via^ overflow,: umterfk>w> 
Mobjl*. obj2*. env). to <objl;obj2> - obj2*toObj a 

real - objfcval to Real 

in _. .,. 

*/ real -0.0 

rA«n frrorCreroJUvide" in Name, env) 

else ReaLmultUcb}lv*\ to Rttft / real, env) 

power - proc <r, e: real) returns (reel) 

»4one«* <ie«»^Wi(kv «>r>pJe« J-e«*Jt, oyerf.kwt, underflow) 

Mobjl*. obj2*. env). kt «jfejfe^W2* «• f*M^!^^**# 

reall - objl.val to Real 

rea!2 - ob j2.val to Real 

in -' 4 ' :W5 ' 

f/ reall -0.0 a rea!2<0.0 

the* £r>^W?»roj*ivi«le^li»N»|ne, env) 
4<*#-raU*-4ftft.«t "^oialB^f RMtmm • 03) 

*A*n ^r^^plej^pa^* Ham** env) 
e/i« X the rest is system dependent 

i2r - proc (i: int) returns (reaO signals (overflow) 
Mobjl*. obj2*. env). let obj - obj3N*©b$ 

fn - [ -"■■■■'<■' '»' ■■ ' •■■'■•'•■ ■■■■■■■■* - ■ *'■ 

A«a/_mu/l(C(obj,vaf to kit) e 03, env) 

r2i - proc <r: real) returns (Int) signala (overflow) 
X(objl*. obj2*. env). kt obj - o>j2* to Ob j : 

in 

InUresultiRZilabip** ; ^ R *M>» ..«# ¥> 

trunc - proc (r: real) returns (int) signals (overflow) 
Mobjl*, obj2*. env). Ut obj - ob^toObj 

in 
/nCrauZtfrriMuKob^val to Real), env) 

It - proc <rl, r2: real) returns (boo!) 

Mobjl*, obj2*. env). Ut <objl; obj2> - obj2* to Obj 2 

in 
/tournJwoMobjLval to Real) < (obj2.val to Real), env) 
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le - proc (rl, r2: real) returns (boo!) 
return(rl < r2 I rl - r2> 
end ie 

ge » proc (rl, r2: real) returns (bool) 
return(r2 <- rl) 
end ge 

gt - proc (rl, r2: real) returns (booD 
return(r2 < rl) 
end gt 

equal - proc <rl, r2: real) returns (bool) 
Eq-obj 

similar ■» proc (rl, r2: real) returns (bool) 
return(rl - r2) 
end similar 

copy - proc (r: real) returns (real) 
return(r) 
end copy 

6.5.7 Char 



i2c - proc (i: int) returns (char) signals (illegaLchar) 
X(objl*. obj2*. env). let obj - obj2* to Obj 

char - I cher (obj. va Wo Int) J 
in 
if L_cAor(char) 

then K«furn_cAar(char, env) 

else £rr<^"iyegaljchar" ia Name, env) 

c2i - proc (c: char) returns (int) 

X(objl*. obj2*, env). let obj . obj2*foObJ 

CchJH-intJ .m ob j.va» to Char 
in 
RetwrnJ.ntkmt, env) 



m 

It - proc (cl, c2: char) returns (boot) iW^ 

return<char$c2i(cl) < ©har$c2Kc2)) 
end It 

le - proc (cl, c2: char) returns (boot) ■>-■?* 

return<cl < c2 I cl - c2> 
end le 

ge » proc (cl, c2: char) returns (bool) wvi, •;? -. « 

return(c2 <• cl) 
end ge 

gt - proc (cl, c2: char) returns (boot) ? : ft .J? 

return(c2 < cl) 
end gt 

equal » proc (cl, c2: char) returns (bool) 

Eq-obj 

similar - proc (cl, c2: char) returns (bool) a^? i'i ;» 

returntcl - c2> 
end similar 

copy - proc (c: char) returns (char) 
return(c) 
end copy 

6.5.8 String 

size - proc (s: string) returns (int) 

X(objl*. obj2*. env). to obj - obj2*fo0b^ 

: x )t#furhJ^^Ww<ob=j.yifM String), env) 

indexs - proc (pat, str: string) returns (Int) 

z: int :« strlng$size<p3tt) «■ ">• >* s i ,:t <V 

for i: int in Inttf romjtOd. *tringSswetstr)) ^o- 
if pat - string$substr(str, i, z) 

then return(i) end 
end 
return(O) 
end indexs 
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indexc - proc <c: char, s: string) returns (int) 
return<string$indexs(string$c2s4c)»5)) 
end indexc : 

c2s - proc (c: char) return* (string) 

Mobjl*. obj2\ env). let obj - obj2* to Obj 

in 
/?rturn_jWn|<obJ.vaHo Char in Char*, env) 

concat - proc (si, s2: string) returns (string) 

X(objl*. obj2^. env). let <objl;obj2> - tbjp.toObf 

string - CsneoKobjl.val to String, 

obj2.val to String) 
in 
if L_jfrtn|(string> 

then Returnstrtntfttring, env) 
else Fai/uM? in String, «nv) 

append - proc (s: string, c: char) returns (string) 
return(s II string$c2s(c)) 
end append 

fetch - proc (s: string, i: int) returns (char) signals (bounds) 
X<objl*. obj2*. env). let <objl; obj2> - ob j2* to Ob j* 

string - objl.val ro String 

int - obj2.val #0 Int 

in 
if \ < int i Sizeiming) 

then Return_xhariFetck(itrin%, int>, env) 
else £nwCbounds" in Name, env) 

rest » proc (s: string, i: int) returns (string) signals (bounds) 
return* string$substr<s, i, string$size(s))) 

except when bounds: signal bounds end 
end rest 
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substr - proc (s: string, nlow: int. nsize: in$ sighed (feo*in^i^Wv*:>tee) 
if nsize < then signal negative j£u «M' ' * ' '" ' - 
z: int :- strtng$size(s) 
if nlow < 1 cor ntow - 1 > z 

then signal bounds end 
s$: string :■ "" 
last: int :- z 
if nsize <: z - nJow * i 

then last :- nlow + nsize - 1 end 
for i: int in int$fromjo<nlow, last) do 
ss :- strtngSappend<ss, sCil) 

end ' : ''*\- 

return<ssJt . ; 
end substr . 

s2ac « proc (s: string) returns (ac) 
ac - arrayCchari 

a: ac :- ac$new() ■■' '••* '--' :; ' 
for c: char in stringtcharsd) do 

ac$addh(a,c) 

end ■ ,/iw- 

return(a) 
end s2ac 

ac2s - proc <a: ac) returnseleirjjig) . * - ■..:•-■> ^ 

ac - arraytchar] ' ; J ' v-k»' ■ ■ "-■>' 

s: string > 

f or c: char In acielerrientsXa) do ' 

s :- stringSappendU.cV ; 

end 
returns) 
end ac2s .-.,.. , .».•.-. 

chars - proc <s: string) yields (char) 

for i: int in int$f romJcKl, string$size(s)) do 

yielcKsCil) '' ' : ■ !> < v — J ' "*"*>*■ " *rnJ^ *r^>^s. ••;<;* . 
end' 
end chars ' ■ >"■■■:•<* "■ •■•* ■■■-■>'* 
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It - proc (si, s2: string) returns (boot) 
zl: int :- string$size(sl) 
z2: int :■> string$size(s2) 
min: int :- zl 

if zl > z2 then min :- z2 end 
for i: int in int$f rom_to<l, min) do 

if sUil < s2[fl then return(true) end 

end 
returntzl < z2) 
end It 

le - proc (si, s2: string) returns (boot) 
return(sl < $2 I si » $2) 
end le 

ge - proc (si, s2: string) returns (bool) 
return<$2 <- si) 
end ge 

gt - proc (si, s2: string) returns (bool) 
return(s2 < si) 
end gt 

equal - proc (si, s2: string) returns (bool) 
Eq-obj 

similar - proc (si, s2: string) returns (boo0 
return(sl - s2) 
end similar 

copy - proc (s: string) returns (string) 
return(s) 
end copy 

6.5.9 Array Types 

The heading of the array type generator begins 

array_ >» cluster [t: type] is ... 
at m arrayCt} 

We will make use of "at" and V in the definitions that follow. 
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create ° proc (nlow: int) returns (at) 
return(at$Cnlow: J) 
end create 

new - proc return* (at) 
return<at$create(l» 
end new 

predict - proc (nlow, nsize: int) return* (at) 
return(at$create(nlow)) 
end predict 

low t. proc (a: at) returns (Int) 

Mobjl*. obj2*. env). let obj - obj2*«>Obj 

<int;obj3*> - mmmi^^M&P?* 

in r .. . 

ReturTL-intiint, env) 

high - proc (a: at) returns (Int) " 

return(at$tow(a) ♦ <at$size(a) - D) 
end high 

size - proc (a: at) returns (Int) f* ; « 

Mobjl*, obj2*. env). let obj - obj2* to Obj 

<int; obj3*> - env.array«(obj.val to Array) 

ReturrUntiSiXiiobp*), env) 

setjow - proc (a: at, nlow: Int) 

X(objl*, obj2*. env). let <objl; ob j2> - Ob j2* to Obj 2 

array - objl.val to Array 

intl - obj2.val fo Int 

<int2; obj3*> - env.arrays(array) T 
ajnap - en v.arraysf array ♦- <intl; obp*>3 

in 
if Lstateiintl, obj3*> 

f hen <normal in Term; nil in ®&ft env£a_rnap • arrays]> 
oH§ FaiiwiM in Siring, etor) : ■■•■.;■ --c 
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trim - proc (a: at, nlow: int, nsize: int) signal* <be^s,n«gative_»ize> 

if nlow < at$low(a) I nlow > at$high(a) cand nlow > atfhlgWa) + 1 

then signal bounds end 4 

if nsize < then signal negativejtize end 
while at$low(a) < nlow do 

at$reml<a) 

end 
while at$size(a) >- nsize do 

at$remh(a) 

end 
end trim 

fill - proc (nlow: int, mize: int, elt: t> returns (at) signals <ftegaUve_*ize) 
if nsize < then signal negative_size end 
a: at :« at$create<nlow) 
for i: Int In ift&f rom_to(i, nsize) do 

at$addh(a, e*> 
■- «nd 
return(a) 
end fill 

f ill.topy - proc (nlow: int, nsize: int, elt: t) returns tit) signals <negative_»ize) 

where t hsa copy: proctype (t) returns (t) 
if nsize < then signal negativejtize and 
a: at :- at$create(nkw) 
for i: int in inttf romjod, nuze) do 
at$addh(a, t$copy(elt)) 
end 
return(a) 
end fill.copy 

fetch - proc (a: at, i: int) returns (t) signals (bounds) 

X(objl*. obj2*. env). let <objl; ©bj2> - pb#toQbJ 2 

<intl; obp*> « e«XJirrays<obJl.vaWo Array) 
int2 - (obj2.val to Int) - intl + 1 

obj3 - FetcMcbp*, int» 

in 
if 1 i int2 £ StedobjS*) 

then <normal in Term; objSinObj*; env> 
else ZJrrorCbounds" tn Name, env) 
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bottom - proc (a: atli r»t^j>f ^) *48B«t* <l>ou»«l*if . 

return<ak#Jw&*?3> ,.<-. . ., l6 

except when bounds: signal bounds end ■ 
end bottom . ^:<d. ;.wpf -^ ■■■<■;■ -'.--^ --■■"'=■ ■ 

top - proc (a: at) returns (t) signals (bounds) 
return(a[at$high(a)3) 

except when bounds: signal bounds end -, 
end top 

store » proc (a: at, i: int, ek: t) signals (bounds) 

Mobjl*, obj2*. env). let <objl; objfc obj3> - obj2* to Obj 3 

*■■■■■-;■ '-•>" ,1J *iir¥ip r '" ( •■ '*-- : '*Va^if frytfraV" -"■" ' 

<intl; obj3*> ' ~- e1A^iifrl^||rf|^ 

int2 ^-JfAkfe^X^ftAK 1 + * 
obj4* - SterdobjS*, it*2, ob j3> 

ajnap - eny*rmyiUriray <h <intft«ot»j4*J 

in -,-jv*-jt - 

1/ 1 s int2 i Siz«(obj3*) 

• ... tit n jffK^i^ T^ i iW0$WiJm$%mL*w*i& > ' 

Mh £tr&Qmmdi m in Name , env) 

addh - proc (a: at, elt: t) ■'•>•■' - 1 '-' ''' ;; - 

A(objl*. obj2*. env). let <objl; obj2> ■ ' iSt^fi*ttl' 1 &Sf / 

array » oi 

<int;obp*> « envjtmftfftrrty) .,, ;i; ri 

obj4* - ApfxndiQbp?, ob$b 

a_map - env4urrayt[amy •«- <tet; obj4*>3 

tn ..■•'• 

^ ? L^*<tfe(int, Obj4*H ' - : ' tfi - •% 

ftor <ndrmal In Term: nlWn Obj*; en vCajnap e arrays] > 
dst FMur A? in String,' 9nv) 
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addl - proc (a: at, elt: t) 

Mobjl*. obj2*. env). let <obji;©bj2> - ob^f<*0»f 

array - objl.val f» Array 

<intl;obj3*> * env.arrays(array) 
int2 - intl-1 

obj4* - Consiobfi, obp*) 

. aJWp ^«^^ 

in 
i/ L_iroMint2, obj4*> 

then <normal In Term; nit in Ob)*; envCajnap • array*3> 
Ww Fatfur#(? in String, env) 

remh - proc (a: at) returns <t) signals (bounds) 

Mobjl*, obj2*. env). let obj - objtf toObj 

' '- - ; '*rt«f' -- '" : * ■mp& : $iimftnf 
<int;obJ3*> ^ wvjirra^array) 
©bj4* - Fra»*ob#> *"""' 

5 obj* ^jy^«w?*iM!p>f 

ajnap . - envjirrayiCarray «- <int; o*J4*>] 

' <n ' '■ -'— " ; '»•"■- 

i/ £m^jKobj3*) 

*A*n £rr«H"bourKU" in N^int ^snv) 

W« <w>rraaliJiTftra; obj^*; env[a_mapoarray»3> 

reml - proc (a: at) returns (t) signals (bounds) > 

Mobjl*, obj2*, env). let obj - objftoObj 

arraf '■' ':' :: ^Wj^^kkf^ 
<int; obp*> - envjirrays(array) 
obj4* - r«tf(obJS*) 

obj5* - HevHdbp*) In Obj* 

ajnap - envjirrayrfatnrf *fc W«i obj***3 

in ' ' Tl ' 

if Emptyiobp*) 

then £rroH"bounds" in Name, env) 

else <norma! tn Term; obj5*; envta_jnap • a*f«j*]> 
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elements - proc (a: at) yield* (t) 

f or i: int in at$ind**es*a) do 

yielcKati]) 

end 
end elements 

indexes - proc (a: at) yield* <mt) 

ten: ifMfi ini$f Hwnjot*t$lpw<a), at$higW*» do 

yielcKi) 

•nd 
end indexes 

equal - proc <al, al: at) return* (hoot) 

Eq-obj 

similar - proc (al, a2: at) return* <i»oott 

#iMt h*e UpUar: proof*** (t, t) return* (booD 
if at$low(al) ~- *#Jo*(a$ L at$ii*t<a«.^ ai**i*e<a2) 

then return* 1 " , 

for i: int in at$ind< 

if ~t$simiiM£#, tft* thee retur n(f dW *«d 

return* true) 
end similar 

similarl « proc <al, a2: at) return* (booi) 

-w&Mrt fti* e^afc-pi^lyp#?t, t) return* (boot) 
if at$k»w(al) ~- atStew(a2> 1 at$*Uefal> <*• at$size(a2> 

then return< false) end > ■*- «. i .;•-.-. 

f or i: int In atSinde^ertai) d» 

if alti] -v- a2Ci} then rtturntf »»»•) *nd 
end 
return<true) 
end similar 

copy 1 - previa; at) ireturne(aJt) 

aa: at :- at$create(at$low(a)) 
f or elt: t In at$elements<a) do 

at$addh(aa, ek) 

end 
returniaai ■ 
end copyl 
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copy - proc (a: at), returns (at) where t has copy: proetype <t> returns <t> 
aa: at :- at$copyl(a) » 

for i: int in at$ihdexes(aa) do 

aaCil ;- t$copy<aa{i]* 

end . 
return(aa) 
end copy 

6.5.10 Record Types 

The definitions given in this section areschemas. Each definition is given in terms of 

the record type 

RT - record N x : T l N„: T„] 

where the N i are in increasing lexicographic order. 



get.N^ - proc (r: RT) returns (T^) 

Mobjl*. obj2*. env). let objl - obj2* to Obj 

obj3* - en v.records(objl.vaWo Record) 
obj2 - FetcMobp*, i) 
in 
<normal in Term; obj2 in Obj*; env> 
There is a get_N 1 operation for every N v 

set_N i - proc (r: RT, elt: T^ 

Mobjl*. obj2*. env). let <objl; obj2> - obj2* to Ob j* 

record - objLval to Record 

obj3* - env.records(record) 

obj4* - Storeidbp*, i, obj2> 

rjmap - env.recordtf record •«- dbj4*3 
in 

<normal in Term; nil in Obj*; erivtrjmap e records3> 

There is a set_N i operation for every N^ 

equal - proc (rl, r2: RT) returns (bool) 
Eq-obj 
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similai - proc(i%f&%Tht*^mMmB 

Where T l has similar: proctype (T^.-1-|K««lll«MilhQP0. 

T n has simitair: pirotw**^ ¥#*•**«»**&©<»»> 
returntT^similartri.Nj, r2>l l ) cand ... cand T^ll»ttWrfrt.N h ,tr&Np>> 

end similar J * 

similarl - proc (fl, r2: RT) returns <bool) 

where T x has equal: prpetypm^t^rMsmmlboM, 

T p hf*eqy||: proetyps (T^ iy ,r« ^T»» <booj> 
returh<rl.N t - r2.N } cand ... cand rl.N n - r2.N„) 
end similar! 

copyl * proc (r: RT) returns <RT) 

- retur^RTStNj: r.N r .... N n : r.N„J> 
end copyl 

copy - proc (r: RT) returns <RT) where Tj has copj; praetype <Hf^ r«t»wt <T ,), 

T„ his a^f: preptypp <f B > Iratuww <T„> 
rr: RT :- RTScbpyltr) 
rr.Nj :- T^cppyJr.Nj) 

»r.N n :- T n $copy(f^„) 

return(rr) 

end copy 

6.5.11 Oneof Types 

The definitions givet* in thit section are schema*. Etch definition is given in terms of 
the oneof type 

OT - onepflN % i T l? -„ N„: T B 3 
where the N 1 are in increasing lexicographic order. 
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make_N 1 - proc (T^) returns <OT> 

X<objl*j obj2*. envK ^« obj - obJt^WQbj 

eneof - CN^ objll 

■■'■. in " ' .;;' '■ ■ '■ / :i " 
<norm«Un Term; Doneofin Val>: OTJ in Obj*; env> 

We have informally used OT as a djype. There Is a makeJN., operation for 

every N.,. 

is_N i " proc (x: OT) returns (bool) 
tagcase x 

tag Nj: rsturnttrua) 
others: rsturn(f also) 
end 
end isJN 1 

value_N i - proc (x: OT) returns (T^ signals (wrongjtag) 
tagcase x .,-■ 

tag N 1 (v: T^: return(V) 

others: signal wrongjtag 

end 
end valuejN 1 

equal - proc (xl, x2: OT) returns (bool) 

where T 1 has equal: proetype^T^, T t ) returns <bool), 

T n has equal: proctype (T^ T n > returns (bool) 
tagcase xl 

tag Nj (v: Tj): return(v - OTSvalueJ^^x?)) 

tag N n (v: T n >: retumfv -OT$*alue_N n <x2» 
end 

except when wrongjag: return(fei*e> end 
end equal 



ISO 

similar - proc (xl, x2: OT) returns (beet) 

where T 4 ha* stmuajr: prpetype <T V T^ returns (boeJ), 

T n has similar: proctype <T„ T n > returns <boo» 

tagcese xl 

tag Mj (v: Tj): retUrnCrjfsimitatfv, OtfValOiJJ^)) 

tag N n (v: T„): return(T n $similar(v, OT$vaUie_N n <x2») 
end 

except when wrong jag: return< false) end 
end similar 

copy - proc (x: OT) return* (OT) where T x has copy: p^otftyfrifTj) returns (Tj), 

T n has copy: proctype (T B ) returns (T n > 

tagcase xl 

tag Nj <v: Tj): returntOTSmake^^Tjtcppy^v))) 

tag N n (v: T n >: return(OT$irakeJ* jT ft $ccpv<vm 
end 
end copy 

6.5.12 Prooedure Types 

The definition given in «W* mto* art schema*. Each definition is given in terms of 
a procedure type T. 



equal = proc (rl, r2: T) returns (boot 

Mobjl*. obj2*. env). let <ob jfe c* j2> - eb/j2? to Obj 1 

In 
ReturiL-t*oHdb$.v*\ - eej&vafc env) 

We ignore the type descriptors because one or both descriptors can be routine. 

similar - proc (rl, r2: T) returns (boot) 
return(rl - r2) 
end similar 

copy - proc (r: T) returns (T) 
return(r) 
end copy 
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6.5.13 Procedure Types 

The definitions given in this section are schema*. Each definition is given in terms of 

a procedure type T. 



equal - proc (rl, r2: T) returns <bool) 

X(objl*. obj2*. env>. let <objl; obj2> - obj2* to Obj* 

in 
/tourn_6oo/(objl.val - obj2.val, env) 

We ignore the type descriptors because one or both descriptors can be routine. 

similar - proc (rl, r2: T> returns (boot) 
return(rl - r2> 
end similar 

copy - proc (r: T) returns (T) 
return(r) 
end copy 

6.5.14 Routine 

We will informally use routine in CLU text below, even though one cannot reference 
the special type routine in this way. 



equal « proc (rl, r2: routine) returns (booD 

Mobjl*. obj2*. env). let <objl; obj2> - obj2* to Ob) 1 

in 
/tourn_6oo/(objl.vat - obj2.val, env) 

We ignore the type descriptors because one or both descriptors can be a procedure 

or iterator type. 

similar - proc (rl, r2: routine) returns (booD 
return(rl - r2> 
end similar 



152 



copy = proc <r: routine) returns (routine) 
return(r) 
end copy 
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7. Conclusions 

The goal of this thesis was to develop a precise, formal definition of CLU. with the 
hope that such a definition would be a useful tool in other work. This hope has already 
been met in three ways. First, this research has provided us with the opportunity to 
evaluate various features of CLU from a new viewpoint. Although our understanding of 
the meaning of CLU programs has not realty changed, we did discover several places 
where our understanding of le^aiity-checking was faulty or incomplete, and changes were 
made to CLU as a result. Second, our definition is now being used to verify (informally) 
the correctness of the legality»*cb*cking phase of the CLU compiler. Third, our definition 
provides a basis for evaluating the usefulness of the definition method proposed by 
Schaffert[Schaffert78a3. We discuss each of these points briefly betow, and then finish 
with some directions for future research. 

7.1 Meaning 

Our definition is divided into two major parts, one defining what constitutes a legal 
module and one defining the meaning of legal modules. If we ignore the definition of the 
built-in abstractions then the meaning part is quite short, less than 12 pages of actual 
equations. This indicates that the model of computation CLU presents to the user is simple, 
uniform, and hence easily understood. It also indicates that the definition method we have 
chosen is an apt one. Most of the mechanisms used in the meaning part are direct 
"implementations" of the informal descriptions given in [Liskov78], particularly those for 
variables, parameters, and exception handling. For example, we have used explicit 
termination conditions to propagate exceptions through intermediate computations, rather 
than introducing continuations to effect transfers of control 

However, our treatment of iterators is not completely satisfying. Although the way we 
have defined iterators is simple; and appears to be the simplest possible given the 
underlying theory, it is somewhat backwards from the usual view that an iterator actually 
yields items to the caller. Having the iterator return a continuation to the caller, as 
discussed in section 2.2.4, is perhaps a truer representation of this view, but defining 
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iterators in this way would involve changing the definitions of all 4** other statements to 
create and use continuations. If some other construct of GLU forced us to use 
continuations; we rn%ht ireeVtess strongly About avoiding their use for iterators; we might 
even useconeihuations for exception handling. In the absence of such a construct, the use 
of continuations Seerrts overly complicated. 

In defining meaning we have omitted two aipect* of Eeelsyfttems. the f irst omission is 
^npiit/ou^wt primitive^. We have not cief h^ «^ VO |Ki«^i5(fi btcaase UTiptementors 

aw? free tp choose thetf^wn^althoiigh a standard has how p r o po se d OiskovTM. However, 
J/O is essegtiajjy^iviaj «. inoorporate into ew def irj ui on, Aette from simply adding 

definitions of the pnnaMive types and rouUnes, the only chaswja *» our d«f taition would be 

the addition of one or (gore un^ue id doroaiw M>d State Jrmpptep to represent new 

primitive mutable objects (such as streams). 

The other omission is more subtle, and concerns failures in real systems, pa ffi actual 
implementation it is permissible for the system to generate *. failure exception at any time. 
For ex ample, when attempting to multiply two r«tl number*, an i*e*ptiort *oth as 

fatlwteffloating point hardware broken'') r 
could be generated. We <^W repiment this by n>alUi»g £Jbi^* nondeterminlstically 
choose between executing nprmaDy and faihog with a randomly iW i M H string, but m real 
systems the choice is deterministic Since Ihe rtitiip&mwmtotilk ' WdPWb^tM Witir 
and the exact reasons lor such fa dusts a«e comptetly I ms d U we nla tiOWKlejKndent, we have 
chosen simply to omit such faihtre* from our def^pittoii, U a? v ^ 

7.2 Legality 

In contrast to the concise definition 6Y meaning, bur defwuion of legality is rather 
long. This is primarily Just an indication of the, la^ amount of erroiHehesktng toeing 
performed; for the mosjpart thf, definition u wexy s^tlg^iS^waed. However, two aspect* 
of CLU merit comment, here: interface jpecifkations and | 
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Our legality-checking algorithm basically performs a single pass over the syntax tree. 
The only exception is that two passes are necessary to check module headings. Although 
clever schemes could be used to minimize the work performed on the second pass, there 
does not appear to be any good way to avoid the second pass. \n particular, we know of no 
simple, sensible rule that avoids the problem without unduly restricting the class of legal 
modules. Of course, an algorithm is not bad merely because it requires two passes, but it 
took a substantial effort to determine and understand the minimum assumptions necessary 
to derive and check interface specifications, and this leaves us with the feeling that perhaps 
something better could (and should) be done. 

On the subject of parameters, we wish to point out by way of two examples that in 
some respects there is a very thin line between having a well-defined mechanism and an 
ill-defined one. The first example deals with the permissible types of parameters. CLU is 
now defined so that parameters can only be declared With the types type, null, bool, fnt, 
real, char, and string. However, at one point procedure and iterator types, and certain 
oneof types, were also allowed. These types were removed When we discovered that one 
could write "legal" generators that could never be instantiated, as in 

X '« cluster [tl: oneofta: t23, t2: oneofta: till i« ... 
(Finite oneof type specif ications cannot be written for any actual parameters.) 

This problem could be "solved" by allowing such generators <even though they could 
never be used), or by imposing rules to forbid cyclic dependencies in parameter 
declarations, but it appears that no computational power is lost by eliminating structured 
type specifications. Indeed, given the dynamic behavior of CLU objects, it is difficult to 
think of many uses for non-type parameters in general, much less procedures, iterators, and 
oneof s. For example, the type of an array does not include any, information about the size 
of the array because an array can vary dynamically in size. 

Our second example deals with parameterized operations of clusters. Having decided 
that parameterized procedures and iterators were useful as individual modules/the 
designers felt that parameterized operations should also be allowed for completeness, 
though no real use for such operations is yet known. It then made sense to allow specific 
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instantiations of parameterized operations to be listed in whore clause restrictions. 
Unfortunately, we discovered that this last step led to an infinite recursion in our 
legality-dieting algorithm when applied to certain pathological modules tScheif Ier77]. For 
example, the type XCXtt3] in 

X - cf utfttr ft: type] 1* f , ... where t ham ttXtXltifo: prootype (>; 

f- proc £u: type] 0; ... «n#f; 
endX; 

is legal only if Xtt3 is a legal parameter to X, which a true only if Xtp has an operation 

ftX[\[X[t]]]], which is true only if X[X[Xtt3J1 is a legal type, *Mch leads to an infinite 

recursion. 

This problem could be solved by giving f uft s|>ecifj|qitior^ for each parameterited 

operation. (This if the aporoacji lakfii In A$Wir# l$yj£$f, .^h/9ff b .JW** 8 ^* for 

syntactic uniformity, rather than in response jo. thU problem.) |©f example, jtyt could stale 

where t ha« op - proc Cu: type] <u) returaatu) wh#rt u baa ... 

instead of 

where t ha« opUnt]: proctype Unt) return* (Int), 

opCreaU: proctype (reaO returna (real) 

Since this solution requires additional syntax for an extremely rare case, an additional 

legality rule was fcwmuiwed in««ad. (The funaien l^h^iii'fiWfflaiiB»flh*i^«l|eek*ih our 

definition.) =:,-> n.jv-; 

7.3 Compiler Verification 

With respect to legality-checking, no distinction cift be maiie between "denotational" 
def iriftiom and "'opera rtorrar det Inltions; -'tliert : ir¥ fa^' di^fStl(ikea% < 1fe''^i ! JFnrceb^ 'algorithm 
used. Our definition of kga lit y-check ing wa J ckJh* With Corhplfcf verification in mind, 
which is why a (frisicaHy) one , oaia ^^«|Jf40f*^|i»gj r , ^WJIfV. ^IPJB^^i.^M^lHP^v^ . ^ h * ■- ^ctu«l 
implementation of. k^abty CLU compiler d^far^|rflm .flstr. definition in a 

number of respects (primarily for efficiency reasons), the ovejr^l aJgorithni i* identical and 
equivalence is fairly easy to establish. 
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Second, Schaffert uses a producer-consumer pair of processes to define the execution 
of an iterator and its invoking for 'statement A specif object' is used to represent the 
queue between the producer and the consumer; this object is suitably defined so that the 
two processes are constrained to execute afoefnat^ Vainer than simultaneously. Although 
this definition is closer than ours to the i informal MuSt^oa^^M^i'^i, we feel it is rnore 
complex and harder to understand, However, w* should note that while pur method of 
definition can also be done in Schaffert's formalism, the opposite is not really true. This 
indicates that Schafiert's formattsw* should be «aperter «bp d*no»piw«l methods for 
defitiitig |>ara4iel programming languages. 

Third, the concept of mutable objects is built into Schaffert's formalism; an explicit 
representation of the universal state is not present in the equations, but rather is implicit 
throughout. Although this could tend to simplify the equations, another factor offsets this 
benefit. Specifically, a list of active variables (the arguments to the computation) is passed 
explicitly from computation to computation. In our opinion, passing around the kind of 
execution environment we have defined is no more complicated and no harder to dear with 
than passing around a list of variables. 

In summary, the CkU definition given he*e appears to be a little better than the 
defimtjon given by Sthnffert. Except m the treatment ef vari ab les aw d tceEatcgs, however, 
the differences between the two definitions are not significant, and really h#w? nothing to 
do with the underlying theories. Furthermore, Schaffert's method appears to be much 
better than current denbtational techniques for defining programming languages that deal 
with parallelism. 

7.5 Directions for Future R*s»aroii 

One of the most important tasks left in defining pb^eet^Eienjed languages is the 
development of a clean, usable, axiomatic definite mamod. Antf*#»BliCi*n«^o^ should 
not be extremely difficult to devise, but no wi eh method aeem* tQ exist. However, a 
proposed method will be given in [Schaffert7$>] with which a straightforward axiomprtic 
definition of CLU should be possible. 
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Our definition of meaning, on (he other hand, was designed to be as simple as 
possible, with the result that it is not particularly well-suited as an implementation standard. 
Our view here is that our definition is well-suited to be the standard definition of CLU, 
but that for verifying the correctness of implementations and for proving CLU programs 
correct, other formal definitions should be constructed. 

7.4 Comparison to Schaffert's Work 

There are major differences between our definition and the one done by Schaf fert 
[Schaf fert78a], but for the most part they are differences in algorithm design, a«d have 
nothing to do with which underlying theory was used. Schaffert's legality-checking 
algorithm is multi-pass, and simply assumes the existence of legal interface specifications in 
the library rather than incorporating an initial pass to derive and install them. 
Transformations of the parse tree are separated out as much as possible from the actual 
legality checks. Further, CLU has changed somewhat since the time his definition was 
made: the exit and continue statements were added, as was the type real; the rule 
mentioned above concerning infinite recursion was adopted; and a mechanism for 
renaming exceptions was removed. These and other differences result in Schaffert's 
definition being a tittle shorter than ours, but in practice his definition =of legality seems 
slightly harder to understand, primarily due to the separation of. -the transformations from 
the legality checks. ! 

The two definitions of meaning are the same in many respects, particularly in the 
treatment of parameters and exception handling, but there are three important differences. 
First, Schaf fert is constrained by his formalism to treat variables as objects of an abstract 
type, whereas we are free to treat then? simpiyav namfs for qbjects, Although treating 
variables as objects gives a uniformity and simplicity to the underlying semantics, it is 
counter to way CLU variables are normally explained tLisfcov7«]. It may be that treating 
variables as objects yields a simpler axiomatic description, but proving equivalence to an 
axiomatic definition would not appear to be any harder with our definition than with 
Schaffert's. 
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In addition, a better understanding of how to define general control structures is 
needed. Neither Schaffert's definition of iterators nor ours is wholly satisfactory. Perhaps 
future work in defining parallel programming language constructs will lead to some 
answers. 
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- We Mse an ex t*««kd ; BNF : grammar to {define tfcf reUfcnnihfr between the afcttrsct 
syntax and text str ingv The general form ©T a produc*ior» is: 
nonterminal ::« alternative 

| alternative - ■ 

| alternative 

The following extensions a/e used: 

a,,., startdtfor |a |a ,* fa ,» ,» [*^ % 
{a } stands for (c | a | a a j * a a }■- } 
[a] stands for (sja) 

All semjcolops are »p*«*al m» QMJ, but fpt siotplkity >*bjp appear below without 
enclosing meta-braekets. Nowwminat symbols ippeaf in norwalftce. Reserved words 
.appear m bold face. A^o^her mtrnw) tynbofr ar%jmn ■tphjbetJu. and appear in noiraal 
face. !> [: - ' ; ' v ' ; ' ** :S;: 

In defining the syntax ..of e*p«^KH^ w<* w# s^o^ wdj^fc *be precedence of the 
various operators with comments rather than explicitly incorporating precedence into the 
productions. H^her precedence operation* are pe*fo*a*d 'fit*. '. ^« bhwj operators are 
left associative except **, which is right aisociative. 

fulLmodule ::a { equate } modute 

module ::» procedure 

[ iterator 

,. | cha«er ■ 

procedure ::s idn - p*oc [ parrra ] arg* [ returns | { signah 1 J where ) ; 

' .-. .. °°d v 

end idn; 
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iterator ::= idn - iter [ parms ] argi [ yieWJ ][ JlgnaU J, [where j ; 

body 
end idn ; 

cluster ::s idn - cluster [ parms J is idn , ... [ where J ; 

duster_body 
end idn ; 

parms ::s [dec! , ... ] 

args ::s ( [ decl .... J ) 

decl ::a idn , ... : type jspec 

returns ::= returns < type_spec , ... ) 

yields . ::s yields ( type_spec , ... ) 

signals ::= signals ( cond_spec , ... ) 

condjpec ::s name [ ( type_spec , ... > J 

where ::s where restriction , ... 

restriction ::s idn has oper_ded , ... 
J idn in type_set 

type_set ::s { idn I idn has oper.decl , ... ; { equate } } . 
| idn 

opei _decl ::= oper_name , ... : type_spec 

operjiame ::= name [ C constant .... 3 J 

constant ::s expression 
I type_spec 

body ::s { equate } { statement } 
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clustci_body ::= 



routine 



equate 



type_spec 



equate { equate y 
routine { routine y 

procedure 
iterator 

idn = constant ; 
idn = type_set ; 
rep = type_spec ; 

null 

boot 

int 

real 

char 

string 

any 

rep 

cvt 

type 

array [ type_spec ] 

record [ field_spec , ... 3 

oneof [ field_spec , ... ] 



proctype ( [ type_spec .•••]>[ returns ] [ signals J 
itertype ( [ type_spec .-••])[ Y' e '^ s J [ s 'g na ' s J 



idn [ constant , ... ] 
idn 



f ield_spec ::= name , ... : type_spec 
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statement ::s deel ; 

| idn : type_spec :- expression ; 

| ded ,...:- invocation ; 

| idn , ... :- invocation ; 

| idn , ... :- expression , ... ; 

| invocation ; 

| primary . name :- expression ; 

| primary [ expression ] :- expression ; 

j if expression then body 

{ elseif expression then body } 

[ else body ] 
end ; 
while expression do body end ; 

return [ ( expression ,...)]; 

yield [ < expression ,...)]; 

signal name [ < expression , ... ) ] ; 

exit name [ ( expression , ... ) J ; 

break ; 

continue; 

begin body end ; 

tagcase expression 

tag_arm { tag_arm } 

[ others : body J 
end ; 

| for [ deel , ... ] in invocation do body end ; 

| for [ idn , ... ] in invocation do body end ; 

| statement except { when _arm } 

[ othersjarm J 
end ; 
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tag_arm ::= tag name ,...[( idn : type_spec ) J : body 

when_arm ::s when name , ... [ ( dec! , ... )] : body 
| when name ,...(*): body 



others_arm :: 


s others [ ( idn : type_spec )■ J 


: body 




expression :: 


s primary 
( expression ) 








~ expression 


X6 


(precedence) 




- expression 


X6 






expression ** expression 


X 5 






expression // expression 


%■ 


4 




expression / expression 


X 


4 




. expression * expression 


X 


4 




expression II expression 


% 


3 




expression + expression 


% 


3 




expression - expression 


X 


3 




expression < expression 


% 


2 




expression <-> expression 


% 


2 




expression - expression 


% 


2 




expression >•= expression 


X 


2 




expression > expression 


X 


2 




expression ~< expression 


X 


2 




expression ~<« expression 


X 


2 




expression ~=> expression 


X 


2 




expression ~>= expression 


X 


2 




expression ~> expression 


X 


2 




expression & expression 


X 


1 




expression cand expression 


X 


1 




expression 1 expression 


X 







expression cor expression 


X 
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primary ::s nil 

j true 

| false 

| intjiteral 

J reaLHteral 

| char .literal 

I Stringjiteral 

I type^spec $ name [ [ constant ,...)] 

| idn C constant , ... 3 

j idn 

| invocation 

| type_spec $ { field , ... } 

| type_spec J [ [ expression : J f expression , ... J 3 

| f orce C type_spec 3 

| up ( expression ) 

| down ( expression ) 

| primary . name 

j primary C expression 3 



invocation 



fiekr 



"::■ primary < [ expression 
::b name , ... ; expression 



••]> 



Reserved word: one of the identifiers appearing in bold face in the syntax. Upper and 
lower case letters are not distinguished in reserved words. 

Name, idn: a sequence of letters, digits, and underscores that begins with a letter or 
underscore, and that is not a reserved word. Upper and lower case letters are not 
distinguished in names and idns. 

IntJiiteral: a sequence of one or more decimal digits. 

ReaUiiteral: a mantissa with an (optional) exponent A mantissa is either a sequence of 
one or more decimal digits, or two sequences <one of which may be empty) Joined by a 
period. The mantissa must contain at least one digit. An exponent is '£' or V, optionally 



i 



m 

followed by V or '-', followed by one or more decimal digits. An exponent is required if 
the mantissa does not contain a period. Real literals are parsed to tWr (normalized) exact 
values. ; ;^ ■ 

CharJittral: either a "printing" ASCII character (octal 4fltferu octal |176) other than 
single quote or backslash, enclosed in single quotes, or one of thtf folkfcrtttg escape sequences 
enclosed in single quotes: i~ > ss ; 

escape sequence character - ■ : :: --^'' = j $"■'-'--■■■■, ,-;' -"*'". ■■■■■»•■■ - 

\' ' (single quote) 

\" " (double quote) 

W \ (backslash) ^ . v , 

\n NL (newline) ,. ; <L? 

At HT (horizon»|-tob) 

\p f FF tnewpageV' . 

j \b BS (backspace) ^ ; y ■''•?>-«.• 

\r CR (carriage return) : ni >«; : - 

\v VT (vertical tab) •" .^v.-.. - .r.^;. 

\*** specified by octal vatue(* is in Octal digit) 

The escape sequences may be written using uppe/ cWilil. IfnlTAScil characters in 
their usual order correspond to octal values IhroughjTJ. 



1 V^s S'' 



String_literal: a sequence of zero or more chara^rxeoj^£tio^*ncjps«d in doubke 
quotes. A character representation is either a printtnj ASCII character other than double 

■v..-. <:i;:M3i, : ■■?•■-* *?■••;,- --•"'. ■■ ?:■'■:': ■■<< J.m^qqsi S7SjT??nsbi 3.1i to Via ;V>Wi> V>v--<v.v\ 
quote or backslash, or one of the escape sequences listed above. 



Comment: a sequence of characters that begins with a percent sign, ends with a newline 

,-. . :•'-■; i- ;■■•■■ -- :. .-:' ''ait ? -o^-jy-^ny bns .?H3ib irmm "to 93fWJp« -.."W; . -.'t-.-T-. 'A 
character, and contains only "printing" ASCII characters and horizontal tabs in between. 

Separator: a "blank" character (space, vertical tab, IruHdmul *a*>, carriage mum, 

newline, form feed) or a comment. Zero or more separators may appear between any two 

.rjj'sib I &-Ri3st ,9-rofB 10 sno li%3fiswp><i ■-' ■<*.-'■■>■•-< -.-.vr'.- 



tokens, except that at least one separator is required between any two adjacent 
rKJH-self^rmmating tokens: rts*rvad*iorcta> tfeMif 4m, toMf* tttawti^ and real literals. 



Domain Index 



169 



Env 112 

imp_map 112 

Imp 112 

Op 112 

Type 112 

V_map 112 

Loop 112 

A_map 112 

R_map 112 

Result 112 

Term 112 

Signal 112 

Exit 112 

Loop_term 112 

Library 103 

Impsjtrap 103 

Perm 72 

CE 41 

Info_map 41 

Info 41 

Spec_map 41 

Sig 41 

Handle 41 

D_hand 41 

FulLmodule 31 

Module 31 

Procedure 31 

Iterator 31 

Cluster 31 

Decl 31 

Cond_spec 31 



Restriction 


31 


Typejwt 


SI 


Operjdecl 


31 


Operjtame 


31 


Routine 


32 


Constant 


32 


Body 


32 


Equate 


32 


Type_spec 


32 


Field .spec 


32 


Stateme^ 


S3 


Elseif_arm 


34 


T*$jfa¥' 


34 




S4 


osaftjii* 


34 


Exprt**#r 


34 


IrrvooMOtt 


34 


Field 


34 


Bool 


35 


Real 


» 


Char 


*^P 


String 


S5 


Bin_op 


35 


Int 


35 


Name 


35 


Idn 


35 


Mod 


36 


Mod_form 


86 


Op_f orm 


36 


Unit 


36 


Typejorm 


36 



Oper 


36 


Pjype 


36 


D_record 


36 


Djoneof 


36 


D_corrip 


36 


D_proc 


36 


DJter 


36 


D_cond 


37 


Djmod 


37 


Stmt 


37 


Elseif 


37 


Tag 


37 


Catch 


37 


Expr 


38 


Invoke 


38 


Comp 


38 


Obj 


38 


Val 


38 


Oneof 


38 


D_oper 


38 


Tset 


38 


Op_decl 


39 


Array 


39 


Record 


39 


DU 


39 


DU_spec 


39 


R_spec 


39 


T^spec 


39 


Op_spec 


39 


D_parm 


39 


Constraint 


39 
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Function Imfox 



Add_get_ 

Add_imps 
. Add_info 

Add__infps 

Add_opi 

Add-Op^jdefls 

Add_parwj 
. Add_set± 

Add_upjLype 
, Append 

Approx 
i As in 
xAssnl 

Bad_add 
$ad-cxpr 

Bad_obj 
Jiadstmt 

Bad-type 

Base_op 

Boolean 

Boolean s 

Compile 

Concat 

Cons 

Const_expr 

Const_exprs 

Const_typ€ 

Const_typ& 

Create^ce 

C-body 

C^call 

C_cond_specs 

C^constant 

C-constants 

C-Constraints 

C-evts 



67 N*me-»Wam« v >: 

104 Mod* x Impsjjtap -» Impsjnap 

74 Idn x Info K CE -♦ CE 
76 Idn* x I«f<? x CE -+ CE 

105 Op^pec* x GB hi CE 

98 Idi| ; k Op^ed*; X CE -» CE 

105 D^parm* xC£-«CE 

78 Name-* Nape 

92 Id** Ido*,xCE^CE 

25 D*x D-»D* . 

129 Real -» Real 

120 Idn* x QJbj* x Eav -♦ Env 

119 Idnx Objx En* -♦ Env 

129 Re»l x RaaJ * R«al 

61 CE «♦ E*pr *-£!_, 

51 CE ;..* QbJxCE 

75 CE^Stfmx.CE 
45 CE -♦ Djype k CE 

68 Bin^op -» Bin^g^ 

69 Expr X CE -* Boot 

70 Expr* xCE-* Bool 

103 FuH^rxKlule* x Library x Info_map -» Library 

25 D*xD*-»D* : 

25 DxD*-»D* - 

59 Expr -» Bool 

58 Expr* -» Bool 

59 D Jfl* -* Bool ,^ 
59 Djtype* -s* Boot 

44 Info^map x Spesjnap -» CE 

74 Body x CE -» Urtt x CE 

64 Expr x Expr* x ,©£ -♦ Expr x CE 

49 Cond_spec* x CE -♦ D_cond* x CE 

51 Constant x CE -» Obj x CE 

51 Constant* xCE-> Obj* x CE 

55 Obj* x Constraint* x CE -» Bool 

80 Expr* x Bool* x CE -» Expr* 
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C—cvt_con<ls 


ill 


C-.cvt_dcch 


110 


C_cvtjtype 


111 


C-CVt^types 


111 


Cdecls 


75 


C_dcfs 


94 


C_defsl 


94 


C^du^parms 


54 


G_rf_<rpnrf 


65 


C_d^.conds 


64 


C_d_oper 


62 


Celseifs 


78 


C-equates 


72 


C-exit 


81 


C^exprtssion 


61 


^expressions 


61 


Cfietds 


66 


C„field_specs 


4? 


C_full-modules 


104 


C-headS.conds 


99 


C-head-dccls 


98 


C-head_type 


98 


C_head_types 


98 


Convocation 


64 


C-.it er_inv 


85 


CJiterjtype 


49 


C-rnodule 


105 


C-Oper^decls 


97 


Cooper ..names 


97 


C_op-.call 


69 


C_op_decls 


56 


C-0p_inv 


69 


C_op^parms 


54 


Copjlype 


58 


C-.others_a.rm 


87 


Cparms 


55 


C_parm_dcds 


95 


C_parm_op 


58 



Condjipec* x^jpg .<* Sig* xCE 

Dec!* x QE ,-+ -Exjir! X CE 

Typejjpec* f> £$ *0jype x Bool x CE 

Type^pjxf x CE^.D Jypf* x Bool* x CE 

D«cl*xCEVcE 

Decl* x Equate* x CE -► CE 

Equate* x Decl* X Equate* x CE -» CE 

DU x ObJ*, jx GEr? Obj x CE 

D.cond x Handle* ■* Bool 

D.cond* x Handle* -♦ Bool 

P_oper . x f ,CE ;•* J|xpr • x CE,,;, ' 

Elseif jirm* ;$£$, ^Elseif* x CE 

Equate* x CE -*. CE, 

Name x Pjiype* >C H*^ 1 * 5 * -• BooJ 

.Exprefs^m..x<'Cf^vCxprx: : ^E ■. 

Expression* x CE -♦ Expr* x CE 

Field* x GE- % Gorop* x CE 

Fiisldjj^e^ f x,CX ^ : P jcompj!< x CE 

FulljTwduk* x PlUpe** xpE -» Mod* x CE 

Condjpec* xCE -^Pjcond* x CE 

Decl* x CEf-> CE 

Type^ipcc X CE -» D_type x CE 

T|pejspec* x C|-f i|)Jyp«? x CE 

--Ir»yocat^,xC^:-3»,j&cprx f 6E . 

Invocation x CE-+ Expr XjCE 

Djtype* x .Djtype;* ,x 5 Djcobii* x CE -» Djtype x CE 

Module X CE -» Mod x CE 

Qperjdejpl* x €$^.Opjdecf* x CE 

Operjiame* x Djtype x CE;-* Op_decl* x CE 

Name x E^frentegif x CE ?* Expr x CE 

Pjype x Opjiwl* :>x CE ■*. Bool 

Name x Ex^jpej^pii?; x CE ,■$ tExpr x CE 

Op^pec X Qb £ X, £E -» QbJ x CE 

Name X Qbjf x <*»j£pec* x,CE -♦ Djtype 

Others jiriu ^xhCJE rt Catch x CE 

Obj* x pjpaf m**x. C E "♦ **M 

Decl* x CE, -* CE; 

Name x Obj* ,x Op jled* -* Djtype 
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C_.proc_.type 

Crestriction 

Constrictions 

C— routine 

Coroutines 

Csig 

Cstatement 

^.statements 

C-tag_arm 

C-tag_arms 

C„type_set 

Ctypespec 

CjLype_specs 

C-when_arm 

C-.when_a.rms 

Cxbody 

Delist 

Derivespecs 

Duplicates 

Empty 

Eq-obj 

Erase 

Error 

E_catch 

E-catchs 

E^elseifs • 

E-.equ.ate 

E^equates 

E^expr 

E-.exprs 

E^in.voke 

£_o/7 

Estmt 

Estmts 

E-tag 

E_tags 

E_unit 

Fail 



48 Djype* x Djtype* X Djcorttf* xCE -» D jtype x CE 
96 Restriction XCE 4' C£ 

95 Restriction* X8E-+CE 

108 Rbutihe x Cl W ^Jorra x CE 

107 Routine* x CE j^jxer* x CE 

80 Name x B&type* ~x' :%* -» Boo4 x Bool* 

75 Statement xCE % ISfmt x CE 

75 Statement* X CE -» «tmt* x CE 

83 Tagjatfrt x CE "'$ : T*g x Nime* x Djcomp* x CE 

83 Taf_arm* x CE 4 tag* x Name* x Djcomp* x CE 

96 TyjwjwtWCE-rlFittx CE 

45 Typejpec X CE ^ISj^e x CE 

45 Type_*pec* x CE 4 D jype* x CE 

86 Whenjtrm xCE^ Catch xftame* x Handle x CE 

86 When .arm* Tie 't£. 4 1 Catch* ! X Name* x Handle* x CE 

84 Dect* x Borffx CE ^ Djty^e* x Unit x CE 
25' [D*}*-» 0* •- *~ i! "' ( 

88 FiffljwodukPx CE 4 DUj^iec* x CE 

48 D*-*Boo» 

25 D* 4 Bool 

131 ObJ* x Oo J* xEnv-* Result 

106 rdn*xC£-*CE 

131 Name x En* 4 Result 

124 Catch x Name xCftfj* x Env -♦ Result 

124 Catch* x NaW>f c4j* x EiiV ■* Result 

120 Elself^x UrWtV^V -» Rewift 

73 Equate x CE -♦ CE ] 

73 Equate* xCJE<*CE 

114 Expr xEnv^ Result 

114 Expr* X Ehv -* Result 

115 Invoke x Env -» Result 

126 OpJ&mx Ob j* l tf Obj* x Ejiv -♦ Result 

Ito Stmt x En v '-* Result 

119 Stmt* X EhV ■'-* Result 

122 Tag x^j ^ Eriv 4 Resuk 

122 fag* x Name x <M»j x Env -* Result 

119 Unit^x- Enr 4 Result 

*6 4 D_cbnd 
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Failure 115 

Fetch 128 

Find-Op 125 

Fix-info 75 

Front 128 

Get-comps 66 

Get-decls 77 

Get-du 105 

Get-duspecs 89 

Get-d-comps 47 

Get-d-parms 95 

Get-exprs HO 
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